From 168aa56f1855873eaabc193a34c814217bbc94e2 Mon Sep 17 00:00:00 2001
From: WPT Sync Bot <josh+wptsync@joshmatthews.net>
Date: Fri, 13 Mar 2020 08:20:28 +0000
Subject: [PATCH] Update web-platform-tests to revision
72be34c4c6d45039320e271325cad0c99615d0c4
---
tests/wpt/metadata/MANIFEST.json | 3168 ++++++++++++++++-
.../CSS2/floats/hit-test-floats-002.html.ini | 4 +
.../CSS2/floats/hit-test-floats-003.html.ini | 4 -
.../CSS2/floats/hit-test-floats-004.html.ini | 4 -
.../cssom-view/elementFromPoint-001.html.ini | 4 +
.../elementsFromPoint-iframes.html.ini | 3 +
.../elementsFromPoint-invalid-cases.html.ini | 4 -
.../fetch/content-type/response.window.js.ini | 9 +-
.../nosniff/parsing-nosniff.window.js.ini | 3 +
.../traverse_the_history_1.html.ini | 4 +
.../traverse_the_history_3.html.ini | 4 -
.../traverse_the_history_4.html.ini | 4 -
.../supported-elements.html.ini | 12 +-
.../iframe_sandbox_popups_escaping-3.html.ini | 3 +-
.../execution-timing/077.html.ini | 4 +
.../audiobuffersource-multi-channels.html.ini | 3 +
.../sub-sample-buffer-stitching.html.ini | 6 +
.../webmessaging/with-ports/018.html.ini | 5 +
.../webmessaging/without-ports/017.html.ini | 5 +
...t_subscription_inputSources.https.html.ini | 2 +
...d-worker-in-data-url-context.window.js.ini | 5 +-
.../security-features/resources/common.sub.js | 10 +-
.../common/security-features/scope/worker.py | 4 +
.../security-features/tools/spec.src.json | 94 +-
.../common/security-features/tools/util.py | 12 +-
...le.html => report-clips-sample.https.html} | 0
...-ready-check-containing-iframe-manual.html | 8 +-
...ck-containing-iframe-manual.tentative.html | 29 -
.../generic-sensor-feature-policy-test.sub.js | 4 -
.../cache-storage-reporting.https.html | 4 +-
.../reporting.https.html | 97 +
.../resources/fetch-in-dedicated-worker.js | 6 +
...ry-cross-origin-iframe.tentative.window.js | 13 +-
...gin-redirecting-iframe.tentative.window.js | 30 +
...ory-same-origin-iframe.tentative.window.js | 14 +-
.../measure-memory/resources/child.sub.html | 9 +
.../measure-memory/resources/common.js | 6 +-
.../resources/grandchild.sub.html | 5 +
.../resources/redirecting-child.sub.html | 12 +
.../fetch/cross-http.keep-scheme.https.html | 45 +
.../fetch/cross-http.no-redirect.https.html | 45 +
.../fetch/cross-http.swap-scheme.https.html | 45 +
.../fetch/cross-https.swap-scheme.https.html | 45 +
.../fetch/same-http.keep-scheme.https.html | 45 +
.../fetch/same-http.no-redirect.https.html | 45 +
.../fetch/same-http.swap-scheme.https.html | 45 +
.../fetch/same-https.keep-scheme.https.html | 45 +
.../fetch/same-https.no-redirect.https.html | 45 +
.../fetch/same-https.swap-scheme.https.html | 45 +
.../websocket/cross-ws.no-redirect.https.html | 45 +
.../websocket/same-ws.no-redirect.https.html | 45 +
.../websocket/same-wss.no-redirect.https.html | 45 +
.../xhr/cross-http.keep-scheme.https.html | 45 +
.../xhr/cross-http.no-redirect.https.html | 45 +
.../xhr/cross-http.swap-scheme.https.html | 45 +
.../xhr/cross-https.swap-scheme.https.html | 45 +
.../xhr/same-http.keep-scheme.https.html | 45 +
.../xhr/same-http.no-redirect.https.html | 45 +
.../xhr/same-http.swap-scheme.https.html | 45 +
.../xhr/same-https.keep-scheme.https.html | 45 +
.../xhr/same-https.no-redirect.https.html | 45 +
.../xhr/same-https.swap-scheme.https.html | 45 +
.../fetch/cross-http.keep-scheme.https.html | 45 +
.../fetch/cross-http.no-redirect.https.html | 45 +
.../fetch/cross-http.swap-scheme.https.html | 45 +
.../fetch/cross-https.swap-scheme.https.html | 45 +
.../fetch/same-http.keep-scheme.https.html | 45 +
.../fetch/same-http.no-redirect.https.html | 45 +
.../fetch/same-http.swap-scheme.https.html | 45 +
.../fetch/same-https.keep-scheme.https.html | 45 +
.../fetch/same-https.no-redirect.https.html | 45 +
.../fetch/same-https.swap-scheme.https.html | 45 +
.../websocket/cross-ws.no-redirect.https.html | 45 +
.../websocket/same-ws.no-redirect.https.html | 45 +
.../websocket/same-wss.no-redirect.https.html | 45 +
.../xhr/cross-http.keep-scheme.https.html | 45 +
.../xhr/cross-http.no-redirect.https.html | 45 +
.../xhr/cross-http.swap-scheme.https.html | 45 +
.../xhr/cross-https.swap-scheme.https.html | 45 +
.../xhr/same-http.keep-scheme.https.html | 45 +
.../xhr/same-http.no-redirect.https.html | 45 +
.../xhr/same-http.swap-scheme.https.html | 45 +
.../xhr/same-https.keep-scheme.https.html | 45 +
.../xhr/same-https.no-redirect.https.html | 45 +
.../xhr/same-https.swap-scheme.https.html | 45 +
.../fetch/cross-http.keep-scheme.https.html | 39 +
.../cross-http.keep-scheme.https.html.headers | 1 +
.../fetch/cross-http.no-redirect.https.html | 39 +
.../cross-http.no-redirect.https.html.headers | 1 +
.../fetch/cross-http.swap-scheme.https.html | 39 +
.../cross-http.swap-scheme.https.html.headers | 1 +
.../fetch/cross-https.swap-scheme.https.html | 39 +
...cross-https.swap-scheme.https.html.headers | 1 +
.../fetch/same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../fetch/same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../fetch/same-http.swap-scheme.https.html | 39 +
.../same-http.swap-scheme.https.html.headers | 1 +
.../fetch/same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../fetch/same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../fetch/same-https.swap-scheme.https.html | 39 +
.../same-https.swap-scheme.https.html.headers | 1 +
.../websocket/cross-ws.no-redirect.https.html | 39 +
.../cross-ws.no-redirect.https.html.headers | 1 +
.../websocket/same-ws.no-redirect.https.html | 39 +
.../same-ws.no-redirect.https.html.headers | 1 +
.../websocket/same-wss.no-redirect.https.html | 39 +
.../same-wss.no-redirect.https.html.headers | 1 +
.../same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../xhr/cross-http.keep-scheme.https.html | 39 +
.../cross-http.keep-scheme.https.html.headers | 1 +
.../xhr/cross-http.no-redirect.https.html | 39 +
.../cross-http.no-redirect.https.html.headers | 1 +
.../xhr/cross-http.swap-scheme.https.html | 39 +
.../cross-http.swap-scheme.https.html.headers | 1 +
.../xhr/cross-https.swap-scheme.https.html | 39 +
...cross-https.swap-scheme.https.html.headers | 1 +
.../xhr/same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../xhr/same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../xhr/same-http.swap-scheme.https.html | 39 +
.../same-http.swap-scheme.https.html.headers | 1 +
.../xhr/same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../xhr/same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../xhr/same-https.swap-scheme.https.html | 39 +
.../same-https.swap-scheme.https.html.headers | 1 +
.../fetch/cross-http.no-redirect.https.html | 40 +
.../fetch/same-http.no-redirect.https.html | 40 +
.../fetch/same-https.no-redirect.https.html | 40 +
.../websocket/cross-ws.no-redirect.https.html | 40 +
.../websocket/same-ws.no-redirect.https.html | 40 +
.../websocket/same-wss.no-redirect.https.html | 40 +
.../same-http.no-redirect.https.html | 40 +
.../same-https.no-redirect.https.html | 40 +
.../same-http.no-redirect.https.html | 40 +
.../same-https.no-redirect.https.html | 40 +
.../xhr/cross-http.no-redirect.https.html | 40 +
.../xhr/same-http.no-redirect.https.html | 40 +
.../xhr/same-https.no-redirect.https.html | 40 +
.../fetch/cross-http.keep-scheme.https.html | 45 +
.../fetch/cross-http.no-redirect.https.html | 45 +
.../fetch/cross-http.swap-scheme.https.html | 45 +
.../fetch/same-http.keep-scheme.https.html | 45 +
.../fetch/same-http.no-redirect.https.html | 45 +
.../fetch/same-http.swap-scheme.https.html | 45 +
.../fetch/same-https.keep-scheme.https.html | 45 +
.../fetch/same-https.no-redirect.https.html | 45 +
.../websocket/cross-ws.no-redirect.https.html | 45 +
.../websocket/same-ws.no-redirect.https.html | 45 +
.../websocket/same-wss.no-redirect.https.html | 45 +
.../same-http.keep-scheme.https.html | 45 +
.../same-http.no-redirect.https.html | 45 +
.../same-https.keep-scheme.https.html | 45 +
.../same-https.no-redirect.https.html | 45 +
.../same-http.keep-scheme.https.html | 45 +
.../same-http.no-redirect.https.html | 45 +
.../same-https.keep-scheme.https.html | 45 +
.../same-https.no-redirect.https.html | 45 +
.../xhr/cross-http.keep-scheme.https.html | 45 +
.../xhr/cross-http.no-redirect.https.html | 45 +
.../xhr/cross-http.swap-scheme.https.html | 45 +
.../xhr/same-http.keep-scheme.https.html | 45 +
.../xhr/same-http.no-redirect.https.html | 45 +
.../xhr/same-http.swap-scheme.https.html | 45 +
.../xhr/same-https.keep-scheme.https.html | 45 +
.../xhr/same-https.no-redirect.https.html | 45 +
.../fetch/cross-http.keep-scheme.https.html | 39 +
.../cross-http.keep-scheme.https.html.headers | 1 +
.../fetch/cross-http.no-redirect.https.html | 39 +
.../cross-http.no-redirect.https.html.headers | 1 +
.../fetch/cross-http.swap-scheme.https.html | 39 +
.../cross-http.swap-scheme.https.html.headers | 1 +
.../fetch/cross-https.swap-scheme.https.html | 39 +
...cross-https.swap-scheme.https.html.headers | 1 +
.../fetch/same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../fetch/same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../fetch/same-http.swap-scheme.https.html | 39 +
.../same-http.swap-scheme.https.html.headers | 1 +
.../fetch/same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../fetch/same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../fetch/same-https.swap-scheme.https.html | 39 +
.../same-https.swap-scheme.https.html.headers | 1 +
.../websocket/cross-ws.no-redirect.https.html | 39 +
.../cross-ws.no-redirect.https.html.headers | 1 +
.../websocket/same-ws.no-redirect.https.html | 39 +
.../same-ws.no-redirect.https.html.headers | 1 +
.../websocket/same-wss.no-redirect.https.html | 39 +
.../same-wss.no-redirect.https.html.headers | 1 +
.../same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../xhr/cross-http.keep-scheme.https.html | 39 +
.../cross-http.keep-scheme.https.html.headers | 1 +
.../xhr/cross-http.no-redirect.https.html | 39 +
.../cross-http.no-redirect.https.html.headers | 1 +
.../xhr/cross-http.swap-scheme.https.html | 39 +
.../cross-http.swap-scheme.https.html.headers | 1 +
.../xhr/cross-https.swap-scheme.https.html | 39 +
...cross-https.swap-scheme.https.html.headers | 1 +
.../xhr/same-http.keep-scheme.https.html | 39 +
.../same-http.keep-scheme.https.html.headers | 1 +
.../xhr/same-http.no-redirect.https.html | 39 +
.../same-http.no-redirect.https.html.headers | 1 +
.../xhr/same-http.swap-scheme.https.html | 39 +
.../same-http.swap-scheme.https.html.headers | 1 +
.../xhr/same-https.keep-scheme.https.html | 39 +
.../same-https.keep-scheme.https.html.headers | 1 +
.../xhr/same-https.no-redirect.https.html | 39 +
.../same-https.no-redirect.https.html.headers | 1 +
.../xhr/same-https.swap-scheme.https.html | 39 +
.../same-https.swap-scheme.https.html.headers | 1 +
.../fetch/cross-http.no-redirect.https.html | 40 +
.../fetch/same-http.no-redirect.https.html | 40 +
.../fetch/same-https.no-redirect.https.html | 40 +
.../websocket/cross-ws.no-redirect.https.html | 40 +
.../websocket/same-ws.no-redirect.https.html | 40 +
.../websocket/same-wss.no-redirect.https.html | 40 +
.../same-http.no-redirect.https.html | 40 +
.../same-https.no-redirect.https.html | 40 +
.../same-http.no-redirect.https.html | 40 +
.../same-https.no-redirect.https.html | 40 +
.../xhr/cross-http.no-redirect.https.html | 40 +
.../xhr/same-http.no-redirect.https.html | 40 +
.../xhr/same-https.no-redirect.https.html | 40 +
.../fetch/cross-http.keep-scheme.https.html | 45 +
.../fetch/cross-http.no-redirect.https.html | 45 +
.../fetch/cross-http.swap-scheme.https.html | 45 +
.../fetch/same-http.keep-scheme.https.html | 45 +
.../fetch/same-http.no-redirect.https.html | 45 +
.../fetch/same-http.swap-scheme.https.html | 45 +
.../fetch/same-https.keep-scheme.https.html | 45 +
.../fetch/same-https.no-redirect.https.html | 45 +
.../websocket/cross-ws.no-redirect.https.html | 45 +
.../websocket/same-ws.no-redirect.https.html | 45 +
.../websocket/same-wss.no-redirect.https.html | 45 +
.../same-http.keep-scheme.https.html | 45 +
.../same-http.no-redirect.https.html | 45 +
.../same-https.keep-scheme.https.html | 45 +
.../same-https.no-redirect.https.html | 45 +
.../same-http.keep-scheme.https.html | 45 +
.../same-http.no-redirect.https.html | 45 +
.../same-https.keep-scheme.https.html | 45 +
.../same-https.no-redirect.https.html | 45 +
.../xhr/cross-http.keep-scheme.https.html | 45 +
.../xhr/cross-http.no-redirect.https.html | 45 +
.../xhr/cross-http.swap-scheme.https.html | 45 +
.../xhr/same-http.keep-scheme.https.html | 45 +
.../xhr/same-http.no-redirect.https.html | 45 +
.../xhr/same-http.swap-scheme.https.html | 45 +
.../xhr/same-https.keep-scheme.https.html | 45 +
.../xhr/same-https.no-redirect.https.html | 45 +
.../mixed-content/generic/spec_json.js | 2 +-
.../mixed-content/spec.src.json | 17 +-
.../referrer-policy/spec.src.json | 17 +
.../path-absolute-endpoint.https.sub.html | 69 +
...solute-endpoint.https.sub.html.sub.headers | 2 +
.../reporting/resources/fail.png | Bin 0 -> 759 bytes
.../reporting/resources/report-helper.js | 22 +
.../reporting/resources/report.py | 17 +
.../chromium/webxr-test-math-helper.js | 21 +
.../resources/chromium/webxr-test.js | 65 +-
.../tools/wptrunner/requirements_firefox.txt | 2 +-
.../wptrunner/wptrunner/browsers/base.py | 4 -
.../wptrunner/wptrunner/browsers/firefox.py | 601 +++-
.../wptrunner/browsers/firefox_android.py | 151 +-
.../wptrunner/wptrunner/wptcommandline.py | 8 +
...types-for-report-only.tentative.https.html | 8 +-
...ire-trusted-types-for.tentative.https.html | 6 +-
...e-require-trusted-types-for.tentative.html | 24 +
...e-trusted-types-for.tentative.html.headers | 1 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../fetch/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../fetch/same-https.downgrade.https.html | 45 +
.../cross-ws-downgrade.no-redirect.https.html | 45 +
.../same-ws-downgrade.no-redirect.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../xhr/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../xhr/same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../fetch/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../fetch/same-https.downgrade.https.html | 45 +
.../cross-ws-downgrade.no-redirect.https.html | 45 +
.../same-ws-downgrade.no-redirect.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../xhr/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../xhr/same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...ross-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../fetch/cross-https.downgrade.https.html | 39 +
.../cross-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../fetch/same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-ws-downgrade.no-redirect.https.html | 39 +
...s-downgrade.no-redirect.https.html.headers | 1 +
.../same-ws-downgrade.no-redirect.https.html | 39 +
...s-downgrade.no-redirect.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...ross-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../xhr/cross-https.downgrade.https.html | 39 +
.../cross-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../xhr/same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../fetch/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../fetch/same-https.downgrade.https.html | 45 +
.../cross-ws-downgrade.no-redirect.https.html | 45 +
.../same-ws-downgrade.no-redirect.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../same-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../xhr/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../unset/xhr/same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 40 +
...ross-http-downgrade.no-redirect.https.html | 40 +
.../fetch/cross-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../fetch/same-https.downgrade.https.html | 40 +
.../cross-ws-downgrade.no-redirect.https.html | 40 +
.../same-ws-downgrade.no-redirect.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../same-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../same-https.downgrade.https.html | 40 +
.../cross-http-downgrade.downgrade.https.html | 40 +
...ross-http-downgrade.no-redirect.https.html | 40 +
.../xhr/cross-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../xhr/same-https.downgrade.https.html | 40 +
.../cross-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...ross-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../fetch/cross-https.downgrade.https.html | 39 +
.../cross-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../fetch/same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-ws-downgrade.no-redirect.https.html | 39 +
...s-downgrade.no-redirect.https.html.headers | 1 +
.../same-ws-downgrade.no-redirect.https.html | 39 +
...s-downgrade.no-redirect.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...ross-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../xhr/cross-https.downgrade.https.html | 39 +
.../cross-https.downgrade.https.html.headers | 1 +
.../same-http-downgrade.downgrade.https.html | 39 +
...ttp-downgrade.downgrade.https.html.headers | 1 +
...same-http-downgrade.no-redirect.https.html | 39 +
...p-downgrade.no-redirect.https.html.headers | 1 +
.../xhr/same-https.downgrade.https.html | 39 +
.../same-https.downgrade.https.html.headers | 1 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../fetch/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../fetch/same-https.downgrade.https.html | 45 +
.../cross-ws-downgrade.no-redirect.https.html | 45 +
.../same-ws-downgrade.no-redirect.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../same-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 45 +
...ross-http-downgrade.no-redirect.https.html | 45 +
.../xhr/cross-https.downgrade.https.html | 45 +
.../same-http-downgrade.downgrade.https.html | 45 +
...same-http-downgrade.no-redirect.https.html | 45 +
.../unset/xhr/same-https.downgrade.https.html | 45 +
.../cross-http-downgrade.downgrade.https.html | 40 +
...ross-http-downgrade.no-redirect.https.html | 40 +
.../fetch/cross-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../fetch/same-https.downgrade.https.html | 40 +
.../cross-ws-downgrade.no-redirect.https.html | 40 +
.../same-ws-downgrade.no-redirect.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../same-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../same-https.downgrade.https.html | 40 +
.../cross-http-downgrade.downgrade.https.html | 40 +
...ross-http-downgrade.no-redirect.https.html | 40 +
.../xhr/cross-https.downgrade.https.html | 40 +
.../same-http-downgrade.downgrade.https.html | 40 +
...same-http-downgrade.no-redirect.https.html | 40 +
.../xhr/same-https.downgrade.https.html | 40 +
.../generic/spec_json.js | 2 +-
.../upgrade-insecure-requests/spec.src.json | 17 +-
.../interfaces/Animatable/animate.html | 6 +-
.../interfaces/KeyframeEffect/target.html | 7 +-
.../webrtc/RTCPeerConnection-close.html | 18 -
...ttest_subscription_inputSources.https.html | 171 +
..._hittest_subscription_refSpaces.https.html | 2 +-
503 files changed, 18722 insertions(+), 435 deletions(-)
create mode 100644 tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini
delete mode 100644 tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini
delete mode 100644 tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini
create mode 100644 tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini
delete mode 100644 tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini
create mode 100644 tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini
delete mode 100644 tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini
delete mode 100644 tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini
create mode 100644 tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini
create mode 100644 tests/wpt/metadata/webmessaging/with-ports/018.html.ini
create mode 100644 tests/wpt/metadata/webmessaging/without-ports/017.html.ini
create mode 100644 tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini
rename tests/wpt/web-platform-tests/content-security-policy/reporting/{report-clips-sample.html => report-clips-sample.https.html} (100%)
delete mode 100644 tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html
create mode 100644 tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
create mode 100644 tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js
create mode 100644 tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
create mode 100644 tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html
create mode 100644 tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers
create mode 100644 tests/wpt/web-platform-tests/reporting/resources/fail.png
create mode 100644 tests/wpt/web-platform-tests/reporting/resources/report-helper.js
create mode 100644 tests/wpt/web-platform-tests/reporting/resources/report.py
create mode 100644 tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html
create mode 100644 tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
create mode 100644 tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
delete mode 100644 tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html
create mode 100644 tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html
diff --git a/tests/wpt/metadata/MANIFEST.json b/tests/wpt/metadata/MANIFEST.json
index f62d6f1bec8..b2f66c235ba 100644
--- a/tests/wpt/metadata/MANIFEST.json
+++ b/tests/wpt/metadata/MANIFEST.json
@@ -14259,14 +14259,7 @@
]
],
"element-ready-check-containing-iframe-manual.html": [
- "0649549265682b7eb8c0f851603d816e89e1cf47",
- [
- null,
- {}
- ]
- ],
- "element-ready-check-containing-iframe-manual.tentative.html": [
- "08c420ec0243d67c831124f825e39be492513129",
+ "8cadbf72cf7907d453a000c3604a4d10e09fe51a",
[
null,
{}
@@ -240497,7 +240490,7 @@
],
"resources": {
"common.sub.js": [
- "83b034205a6e7aaabbdd7e8a2da5d3d605a81d85",
+ "aa6b5ddf23a3ea786ea938744a5da87b313434e0",
[]
],
"common.sub.js.headers": [
@@ -240525,7 +240518,7 @@
[]
],
"worker.py": [
- "bdad52c6a84a054f1e313fdc905af80a9120a44e",
+ "716bcb8efffb84384dfc5620c1a8f6a0d193a878",
[]
]
},
@@ -240631,7 +240624,7 @@
[]
],
"spec.src.json": [
- "7cf6a06c0f53492b7cb0f54b6db90688b649c1fc",
+ "0b5d6b7f7a7f8fb06dc512c6459d6b275a7e4aa1",
[]
],
"spec_validator.py": [
@@ -240657,7 +240650,7 @@
]
},
"util.py": [
- "cb89c96e34095528784fbee3de9353e3f624a2c0",
+ "88868476e8d3fb95dd1b74644bc14ae9154ba93b",
[]
]
},
@@ -314215,7 +314208,7 @@
[]
],
"generic-sensor-feature-policy-test.sub.js": [
- "2a1fba9f83c39f60beeba12d5e6c086d550dc4da",
+ "20436be80076abe3cedd22214bd176564af8ee87",
[]
],
"generic-sensor-iframe-tests.sub.js": [
@@ -315744,6 +315737,10 @@
"6604450991a122e3e241e40b1b9e0516c525389d",
[]
],
+ "fetch-in-dedicated-worker.js": [
+ "bd60d07952ccbf2f4c6954ce65083ce0eada13f4",
+ []
+ ],
"iframe.html": [
"a6b74ad924aa108e15603544f7b0a80a3e18940b",
[]
@@ -326478,15 +326475,19 @@
],
"resources": {
"child.sub.html": [
- "f52b5eefbc5d0cf0dd88ee9103f851d632268f5d",
+ "a0d10e13554b6b0928220ba400e53bcbe0e26d57",
[]
],
"common.js": [
- "f7332a862277d44a70455f6b4edd57be8f10d98f",
+ "1347c5bdb73cc3280a1270167bfbbac3bc3098ea",
[]
],
"grandchild.sub.html": [
- "98522e0649e505d66766b9d8c62946a5513aa5a1",
+ "0f11bce0e025a11aac9b8b6f8df480246a5ab4df",
+ []
+ ],
+ "redirecting-child.sub.html": [
+ "732c54109660fc09f7c04578ce8965b1c5307f9c",
[]
]
}
@@ -328271,6 +328272,144 @@
}
}
},
+ "worker-classic-inherit.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-ws.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-wss.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ }
+ }
+ },
"worker-module-data.http-rp": {
"opt-in": {
"fetch": {
@@ -328372,6 +328511,144 @@
]
}
}
+ },
+ "worker-module-inherit.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-ws.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-wss.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "cross-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-http.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.keep-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.no-redirect.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ],
+ "same-https.swap-scheme.https.html.headers": [
+ "46e2255e388e9e08377d625b55653a007d59c14e",
+ []
+ ]
+ }
+ }
}
},
"generic": {
@@ -328380,7 +328657,7 @@
[]
],
"spec_json.js": [
- "c36a535f45363654bfd7c8b86f3710995f769f63",
+ "79bd6664b4e10e2018158a3f40f302988d47978c",
[]
],
"test-case.sub.js": [
@@ -328389,7 +328666,7 @@
]
},
"spec.src.json": [
- "16843700da8f314638aafaa517797152cab6f02f",
+ "5d92d77b218dd4477aab4a32c9fd0ad670c6aa85",
[]
]
},
@@ -337379,7 +337656,7 @@
]
},
"spec.src.json": [
- "9063428647a33acfefb5bd35a74f0f080de09510",
+ "47055ab7c1c448c25aef6046570ee4be1e13386f",
[]
]
},
@@ -337397,7 +337674,25 @@
"META.yml": [
"70f3136dd3c022599f81291f348e11c4c7787f44",
[]
- ]
+ ],
+ "path-absolute-endpoint.https.sub.html.sub.headers": [
+ "ec25b28944956813654c2a5ccaa63a6969c63a5d",
+ []
+ ],
+ "resources": {
+ "fail.png": [
+ "b5933803338f770bdb1e6a7d433aeb640be85b08",
+ []
+ ],
+ "report-helper.js": [
+ "a20a9cd3811599540f5dc0a45eff450d17c751ec",
+ []
+ ],
+ "report.py": [
+ "d31b47429eca2d00f19239aecd6beeac3acb8032",
+ []
+ ]
+ }
},
"requestidlecallback": {
"META.yml": [
@@ -337898,7 +338193,7 @@
[]
],
"webxr-test-math-helper.js": [
- "5eff666b70678e3d04a4b316616e8713a3cc58ea",
+ "9f10a9d4b7f76dd903034960770c3e9ecfcd5cac",
[]
],
"webxr-test-math-helper.js.headers": [
@@ -337906,7 +338201,7 @@
[]
],
"webxr-test.js": [
- "dee05d08ff8a87e25e30be8ca53105fcc8667db1",
+ "ddbfd4c83aa00e8cfadd60b9cbe265bab6939b4a",
[]
],
"webxr-test.js.headers": [
@@ -347850,7 +348145,7 @@
[]
],
"requirements_firefox.txt": [
- "d541a49f3c0992c4a456ce4ebb717908683a464e",
+ "c59351ba1a28c84d3db1b95b560988d119393ad3",
[]
],
"requirements_ie.txt": [
@@ -348038,7 +348333,7 @@
[]
],
"base.py": [
- "fef052dd5ab495dad4342e086491723c761edcfd",
+ "a027cf32610a49e61f4141bfb5fce5d051385b3e",
[]
],
"chrome.py": [
@@ -348070,11 +348365,11 @@
[]
],
"firefox.py": [
- "62790181d51e84762cbfdf55c3ecae2255a473b9",
+ "e195fc0cff4aed40fa298e4f01e19a0caa5ce1ac",
[]
],
"firefox_android.py": [
- "0b4832f858ccaf91938ba23c52f618ce8cad8ef4",
+ "50f8504f8e022afbbf91c44399441283cdf8ec3f",
[]
],
"ie.py": [
@@ -348419,7 +348714,7 @@
[]
],
"wptcommandline.py": [
- "59a8c55b4ef9847f08a0ccf4b09f268e9f087aae",
+ "8125700b4bf568fef7065d50b834aa763e22b0ad",
[]
],
"wptlogging.py": [
@@ -348900,6 +349195,10 @@
"aa00fcc15a30ef1f8968be44abc1a9e934a31979",
[]
],
+ "nonsecure-require-trusted-types-for.tentative.html.headers": [
+ "af6596b29a8080e5cd8d688d0d6933caf49a2090",
+ []
+ ],
"require-trusted-types-for-report-only.tentative.https.html.headers": [
"c6412f8d472fcfd6022b0ae485f52b3d3dedd820",
[]
@@ -349486,11 +349785,199 @@
]
}
}
+ },
+ "worker-classic-inherit.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-ws-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ }
+ }
+ },
+ "worker-module-inherit.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-ws-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "cross-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-http-downgrade.no-redirect.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ],
+ "same-https.downgrade.https.html.headers": [
+ "602d9dc38d0a5975e8d40c26daae9329de69840c",
+ []
+ ]
+ }
+ }
}
},
"generic": {
"spec_json.js": [
- "c0ef97148952f32e7c510b8a485f6d2da0e4a177",
+ "fa9ace46dcbdab0256e41a98b98a86eebf11d0c9",
[]
],
"test-case.sub.js": [
@@ -349583,7 +350070,7 @@
}
},
"spec.src.json": [
- "d64315903aa66dd5c9ffd19bf862e96ac26b3a64",
+ "f5198c3189727f77ff4a07a6fd9f32c740f095ae",
[]
],
"support": {
@@ -379726,7 +380213,7 @@
{}
]
],
- "report-clips-sample.html": [
+ "report-clips-sample.https.html": [
"29f6aa409cc5284411bbdb4b5ab88c9a0d806a52",
[
null,
@@ -431519,7 +432006,7 @@
]
],
"cache-storage-reporting.https.html": [
- "d9a23bed3effa4f3492a31eeb255224df106030e",
+ "4ef9eb21d69b35429b7a542b1f9c37a2b5042b18",
[
null,
{
@@ -431609,7 +432096,7 @@
]
],
"reporting.https.html": [
- "95fe047ea9fc6c7fe0bf33170d67df3e33a04544",
+ "f8d8af7a4690d450f3aa098b12bfccde1e928dc6",
[
null,
{
@@ -451157,7 +451644,7 @@
},
"measure-memory": {
"measure-memory-cross-origin-iframe.tentative.window.js": [
- "c8dcbb77edd33fd8c29678eeaedd3792dea172bc",
+ "c65173fe8a0e55143fcb5745f0c456e2aa60da46",
[
"measure-memory/measure-memory-cross-origin-iframe.tentative.window.html",
{
@@ -451179,8 +451666,31 @@
}
]
],
+ "measure-memory-cross-origin-redirecting-iframe.tentative.window.js": [
+ "435477d7f4d758b7d78486f2f001f7ee81767147",
+ [
+ "measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.html",
+ {
+ "script_metadata": [
+ [
+ "script",
+ "/common/get-host-info.sub.js"
+ ],
+ [
+ "script",
+ "./resources/common.js"
+ ],
+ [
+ "timeout",
+ "long"
+ ]
+ ],
+ "timeout": "long"
+ }
+ ]
+ ],
"measure-memory-same-origin-iframe.tentative.window.js": [
- "24700e51c2439671ae10e6fc5a6e2d725906ca59",
+ "05a55c7b3136d2c7099c3b13faf039590d9f77c5",
[
"measure-memory/measure-memory-same-origin-iframe.tentative.window.html",
{
@@ -452955,6 +453465,177 @@
}
}
},
+ "sharedworker-classic.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "3241aead34c39ac11a152aab9533a9498a813383",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "22bc15d57a51ff5f14017e986977841b8bca2d11",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "b0ba399717be392c0bafe4dfa259e46791878657",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "65f6ddbadf3851a1f751045ec18b914e319a882c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "f9f1aa62b6037edb43c499fe61d2643e4c601e23",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "b3b51be3ccdf9d1fb826cac531420c964a41955e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "da19d07b08656862809b7e1099e38e0699511bf8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "f0d5f1a9b0e539661f4c70b31c5d1473b2deff07",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "b976e9caa6299200bf921e27e6c4270141532da6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "7710e60bd7ad2878c8cba938f433da23cad402a9",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "76adf429684906b8e2546b0ae1c2d5412b08038f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "37e9bb911723599e534d1d85f3a2efd2c82bc991",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "2d42204648899c480bd9ccd89b2641fcb1fe28fc",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "9d89753d533c230e130fa934dbfd368373438eff",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "5db7dcd879cd2fdb0ad4c0bc6f665b28d8c95ecc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "9adbb92cbf5ef91bb2c4a5e1d5f95afa6b387640",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "7fda4cbc4ab6f5f21361ec705836ffb6280fea07",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "dc9b7e428de7c38e7cc3ec87ca24bee490787a3b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "84dd3a173a6782217a2ef79bdf3a0fcb655f4c34",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "8b00bc6aeb7d75d2bec3d516f4fadebdd5ed1956",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "62b0927077873c6a7ef8e3bd2623231e9e08e906",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "9a4eef44a1289c754c9ad0c30aabf9c5d39e44f0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "a1ef6b69932fb2c5b5304d0e412f5f002f2a5bde",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
"sharedworker-module-data.http-rp": {
"opt-in": {
"fetch": {
@@ -453340,6 +454021,177 @@
}
}
},
+ "sharedworker-module.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "a6e2e97bccdf2b680561874fd9c67ed9482bf77a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "c68737ee235d401bbf4c830090703d480830a228",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "cd0457e0071e3dbd48ffabec2f5203a3dd0c26a9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "c9ff17534ba86f33c450ee057ff747b23a0c740c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "bf410443d3a58723de1844be2b2cad6d1afbcd28",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "d2595868872edc2a51de04a5f6eed5e967bf03e2",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "fb5a3c559ac02701f6eb393fb156f6f038be1a67",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "b5b4d5cf7a25175423385cba78c3181c0722f3eb",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "31a4813a2e957dcd90de442e26030606ffaf69f5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "f6a6a888951660a95ecaa8e213b726687f2c00b4",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "44b9ada9c1a21aa3f946e132be87d9031ec8454c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "cb2000264f8a1b4e232179899b55d362a8d12bc9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "3ae337f1024dd50efefb7b68997dbd41f358f2c9",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "d95d066741a7e7cecb572bb59bb8a5dce37a2988",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "20b04dcaa64ec5093c7c0274e00a277a6cdc9c24",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "bc7bb444e40e99535b65c9077a2117e02c455431",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "6b0a8edb16353e2ec37118dc94369e740944437a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "25bcd55294b04bf2c1b3daa7d5a06854484a9622",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "3742c6e9070e9f6bc94f919098d5be7767866c9d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "890ce32e626dd3e9e0b5428e56888f438e2e8f1e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "e9f45431c679be78b663efb52112abd6e03064a4",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "3e4dc50f752297141b68848a2713fb3b96a9020c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "b62ddcc94a0637c036a888a85d898dfd80aa8729",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
"top.http-rp": {
"opt-in": {
"audio-tag": {
@@ -457321,6 +458173,543 @@
}
}
},
+ "worker-classic-inherit.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "167671afeac9199ee2bb7c7a728ffc13d9698f9e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "07d0a90e2427a6d56f90fc2bfd9057adbac87e43",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "f02532f28e4c1047c048401904062623044aa3a4",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "758053974f98113658ef45539b7bed83ccd7fac8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "6138b297ef28a7c270c2376a54a1581387fd1aed",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "c819c77a4f3281c877eaa73751a12ce71e77fa2b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "aee998f931a74476d929c1e7a8954d4c75e80935",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "b49db878eac472c65cd572ff9a45d8148b5e49a0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "4efd03465c9b5fe46ea2a51f4d1f827f5493dd0d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "354bfcde1238ca2749e5ea0214a86a4e9797aa7e",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "76ceb7e0c121f81a1170b33e3056824b3b6af1a9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "f4c63eb5e56ab92d2b088fe2a05db42910ab97e8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "a55efd4897df9cacf564dd28088bc21e6101e3c0",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html": [
+ "62c37525fd39efd010009eaf08ef0307d587ec08",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "a899122ce93dc0fdd848b7ddd6882f43c0b641f2",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "1c12bcc6c261f8d3d3c446049c3cf26e07495af9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "f8b2261c2a3e9c2a99d05085a8c8e6b3862fced8",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html": [
+ "999ce2075da9c7ccd18fbf5e507eeb70d8db31c9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "147e1661cede93099db7d4a2736536d10d780812",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "0b03466240af7269234d4f8465ba2b4cb3f5f56b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "516ddea4f84e694014d28ad9cca9865ca7247bc8",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "26646cc32e2dd17ec2e8cf38541ef37e6dbbf848",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "6aebcd83f871a7d89f89913a6a1955fe25125f50",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "50f17e4df96a1aa8b5993f656374b994f8805f00",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "2e9259fc3e55ddc1f234886efb94f5706dab23e0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "5784f627a0f8508dd10f6f3707ba51ba41580d62",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "a90e61b8b474cf1d080f67cc7f93014ee5a348fc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "894ff3f081a93351b3aa03ccd0e8234b9968d879",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "e2c4c3ab9c0a000c65768ad260638e47a6305ca9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "7685f256994c19a0e819f57f20b5f21db1dc067e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "4c3d7d18d631f37caa7fadcf013276300b505b28",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "worker-classic-inherit.meta": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.no-redirect.https.html": [
+ "35cbe860ee8627718b961aef1a245fc26aaa7756",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "88b8a7be6da5eb147a100d691e886c78ce9e094c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "2d278da082630d5d8bee9420bae323044fa571cb",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "d54e737804819a43b320cf8a4815df1fbe1bcc1b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "6c2d581f18d353687a51921e6a51c52c5f924443",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "370d4af762d5e1ac38b4bf4f9eab2f36969cf7c9",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.no-redirect.https.html": [
+ "a76175a1d83e30e7c6d1a4334651a734122ca2c4",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "65d6185970c7e78d65309afa86a40ed0f24802b0",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.no-redirect.https.html": [
+ "84b7a60fd3e9b32eeb1c4b57806c26ed6c62653e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "b72ca111ad8f02a9a5015706821b319c23374173",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.no-redirect.https.html": [
+ "35f1a04b66b8f442ccdbc5be73bc5c9b679d9b33",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "ebe959719e99bfb17f456654e0579a782467caa9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "80841a9c4e505a51cada81497d87dddeddf3adab",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ },
+ "unset": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "2a0139ab31dc9543c0fe618d93045f6bc71f7442",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "c8f33e537b7f11310d05ef86827812e89b8b049f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "a6e51b1f64bbcfd65ecd649d2ff20e77de6622dc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "41447cee9d8080dabd5b39777de645fe76021ded",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "a7d17f257fbf97db2702700ed9c31a258340c065",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "1fc527f29c77f278bc36b53f13fccec7b56f3280",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "8c137b284c1fb00343b6d72bed0139b271e5cee3",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "6ea5b0434b051c635629360d8d49a4684eccd6a7",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "cd89e3874ec587fc287c6720f55e3ea4f0d9476c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "bc425d9e508d0d23125cb70fe578f62cb4da88d5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "c7208db5f55936edadc93a3e1566a4e2e9777f2e",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html": [
+ "9f3f5ae67dcdbbab1c95391cf33e48dbb3ef2825",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "71834a370cf1877458778ace7c73f8bdd10acbd3",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "f883209bb0bc6bb2753dcd76a74ee5cf13dbc21c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "d6b0d5676c99db4ec08c9e55953933b770d327a7",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html": [
+ "5a3fe3408c5fab5957d0670acf9cbe975014d183",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "43f355c028b7318c397784b0df2efe8870b4d6a8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "1710a7239179ad0d6c2f3a3b87530413e82a81fc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "bc9af1419b421e94c8a7c7d6e0d086687145bc53",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "595dea35e28fc0e03b12f9b6fba59f057e7e0d9d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "86bc76d06f6e6972be824a04fc4f075fc43367ab",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "58ec420d2bf420318602e80a53b20f1aae93fa67",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "04e6f11092507e160da4b53ed2a69e7ff9b80c59",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "013fc26c11793828c2d22e39f8ca8383d7e105a5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "37e2a3a9c0b748fba327d5708c2198b4c989a5cd",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "6fdf8df7f5132c33b804dac1174a5b27254c3ef8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "0db3796d49de363418c3c30be70ab10a8fd7a300",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
"worker-module-data.http-rp": {
"opt-in": {
"fetch": {
@@ -457705,6 +459094,543 @@
]
}
}
+ },
+ "worker-module-inherit.http-rp": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "ee7f92df5fb617a5d78de280ccac3b058b08631f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "11cf0b3139e1f84e81a9f9b836d7f45644d9f2c9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "5d4e1f9e8e9949484776df1bdbd09a511097c360",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "716b3e4563b9f35088df270470d8040f5f71e86f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "2a89687166133c2102b5e10570461c9f58560c36",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "1c32d7b72617ec89feff310c21dcc5d7e791b0ee",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "7c30ff0069850fc2efa7e578bec3d5d0fdb28020",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "cc767423ad485209c52a9dac425d30379e062842",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "b4ce4f5cbcc15c5f85aa639b204a4813550122e7",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "44c0c28468b5fafee50936b0408e43d4cb3f8336",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "f74621467498af2f7ada20b274beacf3830988fd",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "a94710476d11216adaab0370019ebae3a47b9d1e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "4fa2886472c94fc6291e550eb2029e4848e79305",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html": [
+ "c4301ea0f9a08062ebfc0644f12cbf69a98069f0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "842b0a6b42417d7f97b88f162b9c222d86347309",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "449ab3ea9bff5aace0be4c18c36cf7d9ba90a43e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "f8a3b43e5c04881e91977785f34fa54d898af164",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html": [
+ "0dd696e36466d1a880842bf8f4de4fe6fa29ffd7",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "09338d42d480af4c36c5091829ef859364a24865",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "24c3462b9b52b148763baf848da7e5ab5cf64ceb",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "41849c90768d90e84dcdafa35f32173809a1d8bc",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "0e633f7cc36605802efc11392a6bae614b329ef7",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "5d46b0ac30965203605b3c513012bbd82c288f17",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "59bca8b2496fa71347e6f45730450fe14ee3829e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.swap-scheme.https.html": [
+ "06e4eacfb79f610bce5761de81ffa98603cf20a1",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "15dccaccefe8945790357564018fbb6b1289333f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "6d915751b87dd3174b7b2cd52709ca472cd4c449",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "5bff5900c6ee2400cf0027b3ed391c6a51c4f1ae",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "2fbcdfcf4b552b48fec7a4f5a01dcb650a3ebfa9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "86230051116420dc2d6c1330a5659a1c1384df13",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.swap-scheme.https.html": [
+ "e739804a7e26974c7a9e122f28ab2e586f924978",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "worker-module-inherit.meta": {
+ "opt-in": {
+ "fetch": {
+ "cross-http.no-redirect.https.html": [
+ "a1e27a629fea0148f57826cfe9f44d3cd1a7ee16",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "ecedfa2cf2f90c0f377177d315c6ce3f505c807c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "cd4f95c16b224f6737b348364026038b53049bc1",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "1dc7867c2a322b1eb68058de928e38bc1283cfec",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "cf290a4288a1135d022dce6a581c1c130c313073",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "d04ffa938561c66f51d2a9db711fbb107a95e55e",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.no-redirect.https.html": [
+ "ca6681410a775e98ed1a47ff171ea616ca01b5cf",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "a0d81cd30a78ecd642aa67af4b8bc642be14486e",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.no-redirect.https.html": [
+ "9e5e2fc41c604116392f91c2a07970fe56080076",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "35d9495fc8779f5cfff34467695212ce6170bcc4",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.no-redirect.https.html": [
+ "1bda93c9bdbe7612e2aa63aaf557c6b233fc4cf6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "e6f04aa1cf41cad944ab3d2ef1207df4058d753b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "a4ac04256935c922d68ecf79db49172ee8e97263",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ },
+ "unset": {
+ "fetch": {
+ "cross-http.keep-scheme.https.html": [
+ "6b09b996faac14618fd7da4768595eadeba3f89a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "70b4dac51d2ebb9f4bdb2035d1bd001dcf633710",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "06120d2f8363c77a520f9a04f29b17e69b757156",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "27d657f27bb686d07161a346f53f7095fe2d7443",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "6dbfdd50ecef8710f82da3215a1d490a41de5c2a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "7e20764c45292d5b8bff1d9faceeafd5579af3ad",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "86c2680c919a1979cc62464cf18bc274df3a1993",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "3fae4c64b7bf89bd767cdd46bcb52b6a036e8506",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws.no-redirect.https.html": [
+ "899891567985548bcac87151c165f1ea27cde1df",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws.no-redirect.https.html": [
+ "8e909d4214f41fe3c13bdf1d3b02c814f8087783",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-wss.no-redirect.https.html": [
+ "3fc935113b1b16a1a707775a87ea45b146dbcefb",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http.keep-scheme.https.html": [
+ "9e7d811a817643ccbdb14b54dab2f1fc1b826626",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "4e784ea2e3789912407de70e316e505bf7633ce4",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "e1e1e8fa141ecd0ca0ea0ca44b8a9aeaf022320d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "b82125ea6bb746f58971a0466cf887127b99d51f",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http.keep-scheme.https.html": [
+ "3d647f7f0ba094b7119b34cd25d5ac3a03d3fe93",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "731c42554f30680a8fe282b9821bada01da91530",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "4cec52a276afce0e06fecc647eb564920828a857",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "6656c26b62fc86c041c773a7d23df17c67040386",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http.keep-scheme.https.html": [
+ "ecb166c9c456d8b3bb29321c61efa202e2c8a12f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.no-redirect.https.html": [
+ "4c6dbb0d56eddc7e536875b5592d491706336b1a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http.swap-scheme.https.html": [
+ "caa9aa15c73043e453c82ebceb811bca22d3d54d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.keep-scheme.https.html": [
+ "adb8c9e445a098dfec513e05e13c17277b7159e5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.no-redirect.https.html": [
+ "8f1ebcccc06885d6e4495e9b34d7fb969361b586",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http.swap-scheme.https.html": [
+ "8f7caedf15877b3573a0e175d33abe88cb91835c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.keep-scheme.https.html": [
+ "d7462ed70048840d83d48436fd2da70a464bfef5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.no-redirect.https.html": [
+ "1b2234af460b2e647000a41b9b9eb40f7a6f20f6",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
}
},
"imageset.https.sub.html": [
@@ -524180,6 +526106,13 @@
"testdriver": true
}
]
+ ],
+ "path-absolute-endpoint.https.sub.html": [
+ "ec06a368e97bdbad1e1df00a9aff55e807d9dd4d",
+ [
+ null,
+ {}
+ ]
]
},
"requestidlecallback": {
@@ -538360,14 +540293,21 @@
]
],
"no-require-trusted-types-for-report-only.tentative.https.html": [
- "56f6295221355dd0c0900f9932222c461c11eda8",
+ "651bf0a7199beab43e4f00d3c72462ffda1905f2",
[
null,
{}
]
],
"no-require-trusted-types-for.tentative.https.html": [
- "3630962ada9dbc230c2d6f9375b8273a6358778b",
+ "651bf0a7199beab43e4f00d3c72462ffda1905f2",
+ [
+ null,
+ {}
+ ]
+ ],
+ "nonsecure-require-trusted-types-for.tentative.html": [
+ "46dae7a966142f4946767ac8ea8784c81f97ce15",
[
null,
{}
@@ -540094,6 +542034,222 @@
}
}
},
+ "sharedworker-classic.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "61b877179b549a79d7c7346c0e580d8e76635253",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "cf33de98270eb2a9cec143b971aec204dcef313d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "d8cb3879821179c54edbfb9bb56758217b46ccf3",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "f6f20b961c97d094376dbf1e5ce6fb2c1ed037ee",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "ed733b37443e8597614c96e8b44a095886d9e2e3",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "123082b69d02cc439da25662605e12800c21b5e5",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "72bd9333c18d05424677ef3d354f470d6a11d634",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "dcbf07f7ce1ae1de01c280cc5fa5e5bc971481d5",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "bdc7fb2c4593a5aacb30c57741d0b8002b544da6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "8f18e37f154fafd8cc28ef02538895b7a4078472",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "a43a3168398c8f6dd125bb38186ef924bbd5b4ed",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "c060ae2f6d3121cc2d3c78cf9802221264126587",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "30bea818628c58c4283a0ee3ad5461b6c9797527",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "a6d639790b4af3f22851930b7cf553a3a56fee7c",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "sharedworker-module.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "1369927f37e1642f3cdd444e98c25b8acadd9e31",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "f33ac5c4577df81ade238b6e7ce9fabd7b072ec5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "305446297d5c38c70723a9c3106076d6cd8b8d75",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "c2db82d541c9cb46f7ba78e5d767a4a97d6ff9f1",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "683d3683aeddd07870a1fdd0aca7582acc08f6cb",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "9f7061ed66c38e512f1bc72b4bf4a994822822c3",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "845eea6de9f8f9d64a8e14849eb02d7875217e9a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "c982b10aa5e82aabeea7bbd6d079213dfdfaadfa",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "24dc6fcd00c3692941e2c2090cf89f1a0e55f28a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "1eaa99de10ace990ca71292513c164fe738458ea",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "dd536795ab60b003d5eae2e1a24bafab6ccbba05",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "1d24f759d316f8301d5331c8923a7b9426375b2e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "0433b4e6f776a43f6dd81fbe16fe2deca94196c1",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "854197395dfd1a6039a5bf0d8cf90379616bbe1a",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
"srcdoc-inherit.meta": {
"unset": {
"fetch": {
@@ -543943,6 +546099,926 @@
]
}
}
+ },
+ "worker-classic-inherit.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "6343f36cb31efcce823d24f4951376517037c301",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "577b857caf53e92ae5626948264ed7627c0247d5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "e05cc38d22fac4e9388ab92319e6938c7fdc6b76",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "5353e644b5e7e2c06354cf453a5750c00ae2442b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "eddd8cb2d39299c139c2b504cfdf1cbad83f6d88",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "0f1e15c0900c38781a39b76f9553df149fda6a44",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "2aba803e47e792986ce16f1885e35629f66c6ef0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "f60d181f433f8f311848d519d9fdf555506f7b47",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "42ed603827e1affc61aa71f279a090dccfe8f006",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "7a20a8e3fd26951b8f58373ea613a47eecd428a6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "5a958a08cb6bda70fae8e1b32548cb7aecb7dfc6",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "2c1fb202a49dceac20947136e1290b585d0b4a32",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "9f82d377780cde0856326d7affd670e5d26f9d63",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "72efc132acd141aeb51816858b0a5068a9df5aa3",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "ff1bcf3810bfaaf4cfe2f03be05d48b72ddcfad6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "41ef5301d9dcbe26cbb36ef0ecb64a295cacd5f3",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "88ae7c1ba97cf3a9e6e0e8c090d7ee0282cfed87",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "4846c1b74bdb6f01cabc41ddf015a0f619436f2d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "5ac1a65b1631a2b67798c5dce76b29a73058d039",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "72c31fad4bac19e65bd87a7e4ed3ab4b7e43e6fc",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "worker-classic-inherit.meta": {
+ "unset": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "d9755caa89306fcc77e8331a0fee7183599fe516",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "6b817746c5ef7182e6544c4135f4f0807a244e7a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "cb5ceb285c07f1f72f0f203b42130785e1f3cefe",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "a4f8fa016d4b8c0bcdbdb7967f7b6b9f76904a27",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "c7bd3df7c33524db169fd6dd253b70c932c73bc5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "e75a0162cdce1bc9e665efee61ef62120a0d3eb8",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "3a65178ee2f0264a9b895834a4681471f6b74da0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "bd36ad5e61db0ce4734964fcedb956e73603ed64",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "68248b66d281c4bca1bf70a328cb1f0a3d7fcd72",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "151e39684079a4401bade2199dac96574af2e203",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "6fdc1411389607c443ae54815123014af466a390",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "f168e1ea28b9ec4cbe6d663ba3973724ad5291d8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "3e42f056f580a10c2e2b8b117005fec0cfcd59fb",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "02723eae64b265e22ac4f03ea9d0d89f10bb1998",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "8a7fe50d9535789c10231b24cec789af8fb38936",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "36b2828c4ad23749e02edac2775cab408c9a52cf",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "b89fdb905665f1382da40f1cf4c094baa636efd6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "f90e276e3386bfa8114577b2fdc230faeca1870f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "7cd85dcb51f861d58fc86cd07ed1d53480a6eecc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "9549a31e854e3487d87b6ef32273c57ea692874e",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ },
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "3a45df5b10b0594db3dbd17d3001f83e2e5ba811",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "b7817aab76c10708e210781983ba9e069f7b6a99",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "bbe8f0556d9d1ae412bfc23b543259b9bbdad7b5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "322d17cffc24b950af5e18a3e2d9a749914c53a9",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "06149273ccd8659de1fd0a943cad69f965557a6b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "268ceb2a1c3732e424205e5de95411dd2ccf14a4",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "43180322e4fda1aa3d44fff3e9756f6bff6a3664",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "22a41d207319cdf316aea7e3d4fbf43f8ccfdde7",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "91efc3fe62eb0b8980560d4ec2dd102750781c9b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "e33fe74f66fcaebdaf9b5667c703c9a4cb0b13d2",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "33ce6b6ec998585faed07c21096d0744f49e17c9",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "33faa24d050bc4884d003804c47f7302aa95c0cc",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "cc4c777cebf9e76b29955bcf4f4a5a13c7a2db89",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "f955230b051d1ac60ef2789adb7ed2a6e3f7e444",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "ab564874fef2f9316089a85e7c0a08e5b21b1e31",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "71b5ca048aa77fcd99db64473e18de1edd61c078",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "e8a08fc0cd8dbd26f5e0d76cedbd2ccc4a39e17f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "6125ad0c8547c26e00437a0cf15472258b2d2b6c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "9cf1a16672de9d91da2538a57f1946135c773740",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "b3e64a982b60203b0cdc544baadfd214ab120733",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "worker-module-inherit.http-rp": {
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "da211f791b30dfd55fd5fa92984ec5a473fde7bd",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "5168cfed44b95e49e62e9fb2b48582c45f9d5f32",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "4323601eac1a78de91c14ef785825afc698fbfe2",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "f29fa9df3974ace7dd871e6603560db2ef304b12",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "9a7dce98896fc5a8b4c269dffbe7fbe4c0afbd85",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "75268315985dbd50331a54918178524f1e672fc6",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "be9a3489fa196bd042e0a61ad925baf4540d9b3d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "0f7e54ed5b8005d523159241ca2c995779494899",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "707fffa985ce014a47564cd4074510a654f9a02e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "f3e96e7eef8bf6d2f1b5397589946a55b3180d7e",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "3bd618a1318afd896fe2bb11fa064a6c4bda000e",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "3b13bd0ffb1641777796ec514d5f35d0dc0d08b8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "f5bd175493f64bbfb3cde44f7321937335e62316",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "1a410c337addd7c3f0cb1727f704f8a330953ddc",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "d4c5259281371587d2d9af5558121113ac5343ca",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "4378941e87b9521ac402a367ae0645296c1fd80d",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "b278d26aee134df9bb00da0ef519cdd8f5ee26ca",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "3220dbc607e707b86742ef0e3ea67f1ac6b2db23",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "5b345af1fb8a616e8ed330e4f0464b10beb630e6",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "0b0ed68401b4185f28448aadd818c33956330c5b",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
+ },
+ "worker-module-inherit.meta": {
+ "unset": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "112fae83b06b1e4439b31f9bd665e86dfb81bac0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "b3995f332850066805a04857f35e9411a7ee0be8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "643d7d22451b72712607a14eab14e583048fda8c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "5c7db8f999586f9bb69c49f27a876dd4a1652ffa",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "fc1f4c44f87c36435624df00294ca285076dda40",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "bfad8ce5824c449e96505037257c7b25e4cc2554",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "5b286c2c85d80a1e1b1813b9f2f320aed33d5308",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "b257b62b3776522effa335a8ac4693723eaa4b29",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "41edcee91343cf7331175718fbd3647405dc7ea0",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "c8f80ea5f8eb5bdebfffcd93835dbc539bf775b4",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "e62b99cfe0ccc9c1c89ccf712c5cd4e9e99cca6d",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "9ae603af9560f8262c1ee6a069b2f36a961a0bf1",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "fa6db2386ff0f26b56e90cc61540c48991d70d3b",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "67db42fbaf7a6deac6a289c84c1f05073b58bbbf",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "fd8f1d45ccdd7d753b9ef1b1fc98d253746da05f",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "79a1cc703c9d3a2ba778626e594d27a152171afa",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "9d851b1cbe61cdfe5a316890fc1e56c87d9f8e12",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "c5fd0128ae17e0658b04caa4747e2a9aa0dff011",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "f3d4243421419389bf22c684278990e0a1f9518a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "d220e187293e23cc3b533887ca90a96a41a3f614",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ },
+ "upgrade": {
+ "fetch": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "fe3315e93c54709439240f89cf829eff5bed96a1",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "2b116132a6968ba1ca7474d64f359c0e6b12ffef",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "218fe6ea34c3e68827aa408cfe95b9d389957146",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "940801d887cfb6cf05fa39939ef7453e17cc3a53",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "7cf5065260c218f7a9378f6c8eb89f961e89021a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "4074faa3ef27bea9495f273954c4bb3c5dcb13c4",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "websocket": {
+ "cross-ws-downgrade.no-redirect.https.html": [
+ "10244a37560df6e6c188b94d0f3eab55711035dd",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-ws-downgrade.no-redirect.https.html": [
+ "87fc5f47dfab31067e341440071cd8e4cd941127",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-classic": {
+ "same-http-downgrade.downgrade.https.html": [
+ "47530942a202111950bf21ff76ecf16ebdb9f9fa",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "b663ecb63ef8ad69c18abd84b903e2bf0d2fc3e8",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "c9a3b86de328a377db769a380669ffdeabcdb2c7",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "worker-module": {
+ "same-http-downgrade.downgrade.https.html": [
+ "f6845c744759c77c3b57842cc7e051255271fab5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "15b88d596aed5b241586549386239e1795504b51",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "ee73df98a2e62afc2023da9b138f9c2cb81ce7f6",
+ [
+ null,
+ {}
+ ]
+ ]
+ },
+ "xhr": {
+ "cross-http-downgrade.downgrade.https.html": [
+ "496e66122cf24771c9f8da1a8449cea4e1904b6a",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-http-downgrade.no-redirect.https.html": [
+ "97f713070564743327fadc27d54d0006a322286c",
+ [
+ null,
+ {}
+ ]
+ ],
+ "cross-https.downgrade.https.html": [
+ "3b9fa3d655b7cb8955cfbee7763e1354aeb363a5",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.downgrade.https.html": [
+ "3e1d82ab6399664d4cc2d4ff5f39f0ba5d482a98",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-http-downgrade.no-redirect.https.html": [
+ "8990d9e95157cf3bbf8287ddcde2a2848a5b8c23",
+ [
+ null,
+ {}
+ ]
+ ],
+ "same-https.downgrade.https.html": [
+ "cb7f651df887e2f78eadfe81adeb8677db62cbb8",
+ [
+ null,
+ {}
+ ]
+ ]
+ }
+ }
}
},
"link-upgrade.sub.https.html": [
@@ -547631,7 +550707,7 @@
]
],
"animate.html": [
- "bfe351250ffc28e9681cd2534024eefef33d2fc8",
+ "00e68b429621f65e68285bda2fa04ccb39f3f8e9",
[
null,
{}
@@ -547890,7 +550966,7 @@
]
],
"target.html": [
- "6951682c4d8af29736e1ec655b65e4147aee9538",
+ "30b2ee6f0c8a3b5e371fd9996edfb2590c624d17",
[
null,
{}
@@ -552323,13 +555399,6 @@
{}
]
],
- "RTCPeerConnection-close.html": [
- "74f816bf3fc0c8970582216e82e9eedc3227def1",
- [
- null,
- {}
- ]
- ],
"RTCPeerConnection-connectionState.https.html": [
"9e2f3649aec145f3f8787846c0cd3b9ac74a7a81",
[
@@ -558702,8 +561771,15 @@
]
],
"hit-test": {
+ "ar_hittest_subscription_inputSources.https.html": [
+ "b13d69a0d8442d63edd6657f4999b2b3c2a74c87",
+ [
+ null,
+ {}
+ ]
+ ],
"ar_hittest_subscription_refSpaces.https.html": [
- "d1ce3154e6ce967f0ed8822e4b82dab6aead7dd3",
+ "ecdfab479c7b1033c36eba6f22a3cf379063f174",
[
null,
{}
diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini
new file mode 100644
index 00000000000..f64b45fea6b
--- /dev/null
+++ b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-002.html.ini
@@ -0,0 +1,4 @@
+[hit-test-floats-002.html]
+ [Hit test float]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini
deleted file mode 100644
index f29da48a2a0..00000000000
--- a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-003.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[hit-test-floats-003.html]
- [Miss float below something else]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini b/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini
deleted file mode 100644
index 4bfb0c2053a..00000000000
--- a/tests/wpt/metadata/css/CSS2/floats/hit-test-floats-004.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[hit-test-floats-004.html]
- [Miss float below something else]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini b/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini
new file mode 100644
index 00000000000..e38782d8c85
--- /dev/null
+++ b/tests/wpt/metadata/css/cssom-view/elementFromPoint-001.html.ini
@@ -0,0 +1,4 @@
+[elementFromPoint-001.html]
+ [CSSOM View - 5 - extensions to the Document interface]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini
index 171592fc08f..6ef8bb1049f 100644
--- a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini
+++ b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-iframes.html.ini
@@ -2,3 +2,6 @@
[elementsFromPoint on the root document for points in iframe elements]
expected: FAIL
+ [elementsFromPoint on inner documents]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini b/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini
deleted file mode 100644
index e181af5397f..00000000000
--- a/tests/wpt/metadata/css/cssom-view/elementsFromPoint-invalid-cases.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[elementsFromPoint-invalid-cases.html]
- [The root element is the last element returned for otherwise empty queries within the viewport]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/fetch/content-type/response.window.js.ini b/tests/wpt/metadata/fetch/content-type/response.window.js.ini
index 0dc412ed582..8fe66411890 100644
--- a/tests/wpt/metadata/fetch/content-type/response.window.js.ini
+++ b/tests/wpt/metadata/fetch/content-type/response.window.js.ini
@@ -312,9 +312,6 @@
[fetch(): separate response Content-Type: text/plain ]
expected: NOTRUN
- [<iframe>: combined response Content-Type: */* text/html]
- expected: FAIL
-
[<iframe>: separate response Content-Type: text/html;x=" text/plain]
expected: FAIL
@@ -324,12 +321,12 @@
[<iframe>: combined response Content-Type: text/html;" \\" text/plain]
expected: FAIL
- [<iframe>: combined response Content-Type: text/html;charset=gbk text/plain text/html]
+ [<iframe>: combined response Content-Type: text/html;" text/plain]
expected: FAIL
- [<iframe>: combined response Content-Type: text/html;x=" text/plain]
+ [<iframe>: combined response Content-Type: text/html */*]
expected: FAIL
- [<iframe>: separate response Content-Type: text/plain */*;charset=gbk]
+ [<iframe>: separate response Content-Type: text/plain */*]
expected: FAIL
diff --git a/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini b/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini
index 30e1b851fd4..369bf4d4fa4 100644
--- a/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini
+++ b/tests/wpt/metadata/fetch/nosniff/parsing-nosniff.window.js.ini
@@ -11,3 +11,6 @@
[X-Content-Type-Options%3A%20nosniff%2C%2C%40%23%24%23%25%25%26%5E%26%5E*()()11!]
expected: FAIL
+ [Content-Type-Options%3A%20nosniff]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini
new file mode 100644
index 00000000000..87b07c3e670
--- /dev/null
+++ b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_1.html.ini
@@ -0,0 +1,4 @@
+[traverse_the_history_1.html]
+ [Multiple history traversals from the same task]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini
deleted file mode 100644
index 51f8272a6de..00000000000
--- a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_3.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[traverse_the_history_3.html]
- [Multiple history traversals, last would be aborted]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini b/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini
deleted file mode 100644
index 385376c7321..00000000000
--- a/tests/wpt/metadata/html/browsers/history/the-history-interface/traverse_the_history_4.html.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-[traverse_the_history_4.html]
- [Multiple history traversals, last would be aborted]
- expected: FAIL
-
diff --git a/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini b/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini
index 8b743f36e1d..6b68e9094e4 100644
--- a/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini
+++ b/tests/wpt/metadata/html/interaction/focus/the-autofocus-attribute/supported-elements.html.ini
@@ -1,20 +1,16 @@
[supported-elements.html]
- expected: TIMEOUT
[Contenteditable element should support autofocus]
expected: FAIL
[Element with tabindex should support autofocus]
- expected: TIMEOUT
+ expected: FAIL
[Host element with delegatesFocus including no focusable descendants should be skipped]
- expected: NOTRUN
+ expected: FAIL
[Area element should support autofocus]
- expected: NOTRUN
+ expected: FAIL
[Host element with delegatesFocus should support autofocus]
- expected: NOTRUN
-
- [Non-HTMLElement should not support autofocus]
- expected: NOTRUN
+ expected: FAIL
diff --git a/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini
index 5f60c78e73c..f6a7aca3306 100644
--- a/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini
+++ b/tests/wpt/metadata/html/semantics/embedded-content/the-iframe-element/iframe_sandbox_popups_escaping-3.html.ini
@@ -1,6 +1,5 @@
[iframe_sandbox_popups_escaping-3.html]
type: testharness
- expected: TIMEOUT
[Check that popups from a sandboxed iframe escape the sandbox if\n allow-popups-to-escape-sandbox is used]
- expected: TIMEOUT
+ expected: FAIL
diff --git a/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini b/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini
new file mode 100644
index 00000000000..bcd2fd0eab8
--- /dev/null
+++ b/tests/wpt/metadata/html/semantics/scripting-1/the-script-element/execution-timing/077.html.ini
@@ -0,0 +1,4 @@
+[077.html]
+ [ adding several types of scripts through the DOM and removing some of them confuses scheduler ]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini
index 47eef97b8c3..398a0440052 100644
--- a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini
+++ b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/audiobuffersource-multi-channels.html.ini
@@ -56,3 +56,6 @@
[X Rendered audio for channel 5 does not equal [0,0.0626220703125,0.125030517578125,0.18695068359375,0.24810791015625,0.308319091796875,0.3673095703125,0.42486572265625,0.480743408203125,0.53472900390625,0.58660888671875,0.636199951171875,0.68328857421875,0.727691650390625,0.76922607421875,0.8077392578125...\] with an element-wise tolerance of {"absoluteThreshold":0.000030517578125,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[1\]\t3.6732959747314453e-1\t6.2622070312500000e-2\t3.0470752716064453e-1\t4.8658168859649127e+0\t3.0517578125000000e-5\n\t[2\]\t6.8329977989196777e-1\t1.2503051757812500e-1\t5.5826926231384277e-1\t4.4650639949963384e+0\t3.0517578125000000e-5\n\t[3\]\t9.0373212099075317e-1\t1.8695068359375000e-1\t7.1678143739700317e-1\t3.8340669508039502e+0\t3.0517578125000000e-5\n\t[4\]\t9.9780619144439697e-1\t2.4810791015625000e-1\t7.4969828128814697e-1\t3.0216621502152523e+0\t3.0517578125000000e-5\n\t[5\]\t9.5236867666244507e-1\t3.0831909179687500e-1\t6.4404958486557007e-1\t2.0889059484187866e+0\t3.0517578125000000e-5\n\t...and 44049 more errors.\n\tMax AbsError of 1.9985756278038025e+0 at index of 16692.\n\t[16692\]\t9.9997943639755249e-1\t-9.9859619140625000e-1\t1.9985756278038025e+0\t2.0013851895322721e+0\t3.0517578125000000e-5\n\tMax RelError of Infinity at index of 10584.\n\t[10584\]\t-5.8778524398803711e-1\t0.0000000000000000e+0\t5.8778524398803711e-1\tInfinity\t3.0517578125000000e-5\n]
expected: FAIL
+ [X Rendered audio for channel 5 does not equal [0,0.0626220703125,0.125030517578125,0.18695068359375,0.24810791015625,0.308319091796875,0.3673095703125,0.42486572265625,0.480743408203125,0.53472900390625,0.58660888671875,0.636199951171875,0.68328857421875,0.727691650390625,0.76922607421875,0.8077392578125...\] with an element-wise tolerance of {"absoluteThreshold":0.000030517578125,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[1\]\t3.6732959747314453e-1\t6.2622070312500000e-2\t3.0470752716064453e-1\t4.8658168859649127e+0\t3.0517578125000000e-5\n\t[2\]\t6.8329977989196777e-1\t1.2503051757812500e-1\t5.5826926231384277e-1\t4.4650639949963384e+0\t3.0517578125000000e-5\n\t[3\]\t9.0373212099075317e-1\t1.8695068359375000e-1\t7.1678143739700317e-1\t3.8340669508039502e+0\t3.0517578125000000e-5\n\t[4\]\t9.9780619144439697e-1\t2.4810791015625000e-1\t7.4969828128814697e-1\t3.0216621502152523e+0\t3.0517578125000000e-5\n\t[5\]\t9.5236867666244507e-1\t3.0831909179687500e-1\t6.4404958486557007e-1\t2.0889059484187866e+0\t3.0517578125000000e-5\n\t...and 35250 more errors.\n\tMax AbsError of 1.9986611604690552e+0 at index of 12875.\n\t[12875\]\t-9.9994289875030518e-1\t9.9871826171875000e-1\t1.9986611604690552e+0\t2.0012262087101997e+0\t3.0517578125000000e-5\n\tMax RelError of Infinity at index of 7056.\n\t[7056\]\t5.8778524398803711e-1\t0.0000000000000000e+0\t5.8778524398803711e-1\tInfinity\t3.0517578125000000e-5\n]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini
index c1a19445ebb..e98c3cc2169 100644
--- a/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini
+++ b/tests/wpt/metadata/webaudio/the-audio-api/the-audiobuffersourcenode-interface/sub-sample-buffer-stitching.html.ini
@@ -212,3 +212,9 @@
[X Stitched sine-wave buffers at sample rate 44100 does not equal [0,0.06264832615852356,0.12505052983760834,0.18696144223213196,0.24813786149024963,0.308339387178421,0.36732959747314453,0.4248766601085663,0.480754554271698,0.5347436666488647,0.5866320133209229,0.6362156271934509,0.6832997798919678,0.7276994585990906,0.7692402601242065,0.8077589869499207...\] with an element-wise tolerance of {"absoluteThreshold":0.000090957,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[31080\]\t2.1915524950344434e-12\t5.6332010030746460e-1\t5.6332010030527302e-1\t9.9999999999610956e-1\t9.0957000000000003e-5\n\t[31081\]\t4.5863097438886938e-41\t6.1397600173950195e-1\t6.1397600173950195e-1\t1.0000000000000000e+0\t9.0957000000000003e-5\n\tMax AbsError of 6.1397600173950195e-1 at index of 31081.\n\tMax RelError of 1.0000000000000000e+0 at index of 31081.\n]
expected: FAIL
+ [X SNR (45.0183797715649 dB) is not greater than or equal to 85.58. Got 45.0183797715649.]
+ expected: FAIL
+
+ [X Stitched sine-wave buffers at sample rate 44100 does not equal [0,0.06264832615852356,0.12505052983760834,0.18696144223213196,0.24813786149024963,0.308339387178421,0.36732959747314453,0.4248766601085663,0.480754554271698,0.5347436666488647,0.5866320133209229,0.6362156271934509,0.6832997798919678,0.7276994585990906,0.7692402601242065,0.8077589869499207...\] with an element-wise tolerance of {"absoluteThreshold":0.000090957,"relativeThreshold":0}.\n\tIndex\tActual\t\t\tExpected\t\tAbsError\t\tRelError\t\tTest threshold\n\t[31080\]\t-3.6768964491784573e-5\t5.6332010030746460e-1\t5.6335686927195638e-1\t1.0000652718844432e+0\t9.0957000000000003e-5\n\t[31081\]\t4.5721566293990131e-41\t6.1397600173950195e-1\t6.1397600173950195e-1\t1.0000000000000000e+0\t9.0957000000000003e-5\n\tMax AbsError of 6.1397600173950195e-1 at index of 31081.\n\tMax RelError of 1.0000652718844432e+0 at index of 31080.\n]
+ expected: FAIL
+
diff --git a/tests/wpt/metadata/webmessaging/with-ports/018.html.ini b/tests/wpt/metadata/webmessaging/with-ports/018.html.ini
new file mode 100644
index 00000000000..663a1f8fa30
--- /dev/null
+++ b/tests/wpt/metadata/webmessaging/with-ports/018.html.ini
@@ -0,0 +1,5 @@
+[018.html]
+ expected: TIMEOUT
+ [origin of the script that invoked the method, javascript:]
+ expected: TIMEOUT
+
diff --git a/tests/wpt/metadata/webmessaging/without-ports/017.html.ini b/tests/wpt/metadata/webmessaging/without-ports/017.html.ini
new file mode 100644
index 00000000000..064cf47545b
--- /dev/null
+++ b/tests/wpt/metadata/webmessaging/without-ports/017.html.ini
@@ -0,0 +1,5 @@
+[017.html]
+ expected: TIMEOUT
+ [origin of the script that invoked the method, about:blank]
+ expected: TIMEOUT
+
diff --git a/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini b/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini
new file mode 100644
index 00000000000..670b46927bc
--- /dev/null
+++ b/tests/wpt/metadata/webxr/hit-test/ar_hittest_subscription_inputSources.https.html.ini
@@ -0,0 +1,2 @@
+[ar_hittest_subscription_inputSources.https.html]
+ expected: ERROR
diff --git a/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini b/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini
index 6d92f8835c6..10dda3a6659 100644
--- a/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini
+++ b/tests/wpt/metadata/workers/shared-worker-in-data-url-context.window.js.ini
@@ -1,8 +1,7 @@
[shared-worker-in-data-url-context.window.html]
- expected: TIMEOUT
[Create a shared worker in a data url frame]
- expected: TIMEOUT
+ expected: FAIL
[Create a data url shared worker in a data url frame]
- expected: NOTRUN
+ expected: FAIL
diff --git a/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js b/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js
index 83b034205a6..aa6b5ddf23a 100644
--- a/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js
+++ b/tests/wpt/web-platform-tests/common/security-features/resources/common.sub.js
@@ -1111,19 +1111,19 @@ function invokeRequest(subresource, sourceContextList) {
invoker: invokeFromWorker.bind(undefined, "worker", true, {type: 'module'}),
},
"sharedworker-classic": {
- // Classic dedicated worker loaded from same-origin.
+ // Classic shared worker loaded from same-origin.
invoker: invokeFromWorker.bind(undefined, "sharedworker", false, {}),
},
"sharedworker-classic-data": {
- // Classic dedicated worker loaded from data: URL.
+ // Classic shared worker loaded from data: URL.
invoker: invokeFromWorker.bind(undefined, "sharedworker", true, {}),
},
"sharedworker-module": {
- // Module dedicated worker loaded from same-origin.
+ // Module shared worker loaded from same-origin.
invoker: invokeFromWorker.bind(undefined, "sharedworker", false, {type: 'module'}),
},
"sharedworker-module-data": {
- // Module dedicated worker loaded from data: URL.
+ // Module shared worker loaded from data: URL.
invoker: invokeFromWorker.bind(undefined, "sharedworker", true, {type: 'module'}),
},
};
@@ -1182,7 +1182,7 @@ function invokeFromWorker(workerType, isDataUrl, workerOptions,
if (workerType === "worker") {
const worker = new Worker(url, workerOptions);
worker.postMessage({subresource: subresource,
- sourceContextList: sourceContextList.slice(1)});
+ sourceContextList: sourceContextList.slice(1)});
return bindEvents2(worker, "message", worker, "error", window, "error");
} else if (workerType === "sharedworker") {
const worker = new SharedWorker(url, workerOptions);
diff --git a/tests/wpt/web-platform-tests/common/security-features/scope/worker.py b/tests/wpt/web-platform-tests/common/security-features/scope/worker.py
index bdad52c6a84..716bcb8efff 100644
--- a/tests/wpt/web-platform-tests/common/security-features/scope/worker.py
+++ b/tests/wpt/web-platform-tests/common/security-features/scope/worker.py
@@ -23,6 +23,10 @@ def main(request, response):
elif delivery['deliveryType'] == 'http-rp':
if delivery['key'] == 'referrerPolicy':
maybe_additional_headers['Referrer-Policy'] = delivery['value']
+ elif delivery['key'] == 'mixedContent' and delivery['value'] == 'opt-in':
+ maybe_additional_headers['Content-Security-Policy'] = 'block-all-mixed-content'
+ elif delivery['key'] == 'upgradeInsecureRequests' and delivery['value'] == 'upgrade':
+ maybe_additional_headers['Content-Security-Policy'] = 'upgrade-insecure-requests'
else:
error = 'invalid delivery key for http-rp: %s' % delivery['key']
else:
diff --git a/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json b/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json
index 7cf6a06c0f5..0b5d6b7f7a7 100644
--- a/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json
+++ b/tests/wpt/web-platform-tests/common/security-features/tools/spec.src.json
@@ -182,12 +182,6 @@
"source_context_list_schema": {
// Warning: Currently, some nested patterns of contexts have different
// inheritance rules for different kinds of policies.
- // For example, an HTTP(S) dedicated worker inherits parent's CSP but not
- // parent's referrer policy, and "worker-classic" source_context_list
- // value here reflects the referrer policy spec, not CSP.
- // Perhaps we have to introduce separate source_context_list entries,
- // e.g. "worker-classic-CSP" to test the same nested contexts with
- // different policy inheritance expectations.
// The generated tests will be used to test/investigate the policy
// inheritance rules, and eventually the policy inheritance rules will
// be unified (https://github.com/w3ctag/design-principles/issues/111).
@@ -284,8 +278,8 @@
"subresourcePolicyDeliveries": []
},
"worker-classic": {
- // Warning: This is incompatible with the current CSP spec,
- // so is not applicable to upgrade-insecure-requests and mixed-content tests.
+ // This is applicable to referrer-policy tests.
+ // Use "worker-classic-inherit" for CSP (mixed-content, etc.).
"description": "dedicated workers shouldn't inherit its parent's policy.",
"sourceContextList": [
{
@@ -303,6 +297,26 @@
],
"subresourcePolicyDeliveries": []
},
+ "worker-classic-inherit": {
+ // This is applicable to upgrade-insecure-requests and mixed-content tests.
+ // Use "worker-classic" for referrer-policy.
+ "description": "dedicated workers should inherit its parent's policy.",
+ "sourceContextList": [
+ {
+ "sourceContextType": "top",
+ "policyDeliveries": [
+ "policy"
+ ]
+ },
+ {
+ "sourceContextType": "worker-classic",
+ "policyDeliveries": [
+ "anotherPolicy"
+ ]
+ }
+ ],
+ "subresourcePolicyDeliveries": []
+ },
"worker-classic-data": {
"description": "data: dedicated workers should inherit its parent's policy.",
"sourceContextList": [
@@ -320,8 +334,8 @@
"subresourcePolicyDeliveries": []
},
"worker-module": {
- // Warning: This is incompatible with the current CSP spec,
- // so is not applicable to upgrade-insecure-requests and mixed-content tests.
+ // This is applicable to referrer-policy tests.
+ // Use "worker-module-inherit" for CSP (mixed-content, etc.).
"description": "dedicated workers shouldn't inherit its parent's policy.",
"sourceContextList": [
{
@@ -339,6 +353,26 @@
],
"subresourcePolicyDeliveries": []
},
+ "worker-module-inherit": {
+ // This is applicable to upgrade-insecure-requests and mixed-content tests.
+ // Use "worker-module" for referrer-policy.
+ "description": "dedicated workers should inherit its parent's policy.",
+ "sourceContextList": [
+ {
+ "sourceContextType": "top",
+ "policyDeliveries": [
+ "policy"
+ ]
+ },
+ {
+ "sourceContextType": "worker-module",
+ "policyDeliveries": [
+ "anotherPolicy"
+ ]
+ }
+ ],
+ "subresourcePolicyDeliveries": []
+ },
"worker-module-data": {
"description": "data: dedicated workers should inherit its parent's policy.",
"sourceContextList": [
@@ -355,6 +389,24 @@
],
"subresourcePolicyDeliveries": []
},
+ "sharedworker-classic": {
+ "description": "shared workers shouldn't inherit its parent's policy.",
+ "sourceContextList": [
+ {
+ "sourceContextType": "top",
+ "policyDeliveries": [
+ "anotherPolicy"
+ ]
+ },
+ {
+ "sourceContextType": "sharedworker-classic",
+ "policyDeliveries": [
+ "policy"
+ ]
+ }
+ ],
+ "subresourcePolicyDeliveries": []
+ },
"sharedworker-classic-data": {
"description": "data: shared workers should inherit its parent's policy.",
"sourceContextList": [
@@ -371,6 +423,24 @@
],
"subresourcePolicyDeliveries": []
},
+ "sharedworker-module": {
+ "description": "shared workers shouldn't inherit its parent's policy.",
+ "sourceContextList": [
+ {
+ "sourceContextType": "top",
+ "policyDeliveries": [
+ "anotherPolicy"
+ ]
+ },
+ {
+ "sourceContextType": "sharedworker-module",
+ "policyDeliveries": [
+ "policy"
+ ]
+ }
+ ],
+ "subresourcePolicyDeliveries": []
+ },
"sharedworker-module-data": {
"description": "data: shared workers should inherit its parent's policy.",
"sourceContextList": [
@@ -405,10 +475,14 @@
"iframe",
"iframe-blank-inherit",
"worker-classic",
+ "worker-classic-inherit",
"worker-classic-data",
"worker-module",
+ "worker-module-inherit",
"worker-module-data",
+ "sharedworker-classic",
"sharedworker-classic-data",
+ "sharedworker-module",
"sharedworker-module-data"
],
"redirection": [
diff --git a/tests/wpt/web-platform-tests/common/security-features/tools/util.py b/tests/wpt/web-platform-tests/common/security-features/tools/util.py
index cb89c96e340..88868476e8d 100644
--- a/tests/wpt/web-platform-tests/common/security-features/tools/util.py
+++ b/tests/wpt/web-platform-tests/common/security-features/tools/util.py
@@ -121,7 +121,7 @@ class PolicyDelivery(object):
elif obj == "anotherPolicy":
policy_delivery = target_policy_delivery.get_another_policy(
supported_delivery_types[0])
- elif type(obj) == dict:
+ elif isinstance(obj, dict):
policy_delivery = PolicyDelivery(obj['deliveryType'], obj['key'],
obj['value'])
else:
@@ -148,6 +148,16 @@ class PolicyDelivery(object):
return PolicyDelivery(delivery_type, self.key, 'unsafe-url')
else:
return PolicyDelivery(delivery_type, self.key, 'no-referrer')
+ elif self.key == 'mixedContent':
+ if self.value == 'opt-in':
+ return PolicyDelivery(delivery_type, self.key, None)
+ else:
+ return PolicyDelivery(delivery_type, self.key, 'opt-in')
+ elif self.key == 'upgradeInsecureRequests':
+ if self.value == 'upgrade':
+ return PolicyDelivery(delivery_type, self.key, None)
+ else:
+ return PolicyDelivery(delivery_type, self.key, 'upgrade')
else:
raise Exception('delivery key is invalid: ' + self.key)
diff --git a/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.html b/tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.https.html
similarity index 100%
rename from tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.html
rename to tests/wpt/web-platform-tests/content-security-policy/reporting/report-clips-sample.https.html
diff --git a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html
index 06495492656..8cadbf72cf7 100644
--- a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html
+++ b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.html
@@ -11,14 +11,12 @@
window.onload = function() {
async_test(function(t) {
var iframes = document.getElementsByTagName("iframe");
- trusted_request(t, iframes[0].contentDocument.body, document.body);
+ trusted_request(t, iframes[0].contentDocument.body, iframes[0].contentDocument.body);
iframes[0].contentDocument.onfullscreenchange = t.step_func(function() {
assert_equals(document.fullscreenElement, iframes[0]);
trusted_request(t, iframes[1].contentDocument.body, iframes[0].contentDocument.body);
- iframes[1].contentDocument.onfullscreenchange = t.step_func_done(function() {
- assert_equals(document.fullscreenElement, iframes[1]);
- });
- iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenchange error");
+ iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenerror event");
+ iframes[1].contentDocument.onfullscreenchange = t.step_func_done();
});
});
};
diff --git a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html b/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html
deleted file mode 100644
index 08c420ec024..00000000000
--- a/tests/wpt/web-platform-tests/fullscreen/api/element-ready-check-containing-iframe-manual.tentative.html
+++ /dev/null
@@ -1,29 +0,0 @@
-<!DOCTYPE html>
-<!--
- Tentative, due to:
- https://github.com/whatwg/html/issues/1903
- Once the issue is resolved, this test would replace the corresponding
- non-tentative test (element-ready-check-containing-iframe-manual.html)
--->
-<title>Element ready check for containing iframe</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="../trusted-click.js"></script>
-<div id="log"></div>
-<iframe allowfullscreen></iframe>
-<iframe allowfullscreen></iframe>
-<script>
-// wait for load event to avoid https://bugzil.la/1493878
-window.onload = function() {
- async_test(function(t) {
- var iframes = document.getElementsByTagName("iframe");
- trusted_request(t, iframes[0].contentDocument.body, iframes[0].contentDocument.body);
- iframes[0].contentDocument.onfullscreenchange = t.step_func(function() {
- assert_equals(document.fullscreenElement, iframes[0]);
- trusted_request(t, iframes[1].contentDocument.body, iframes[0].contentDocument.body);
- iframes[1].contentDocument.onfullscreenerror = t.unreached_func("fullscreenerror event");
- iframes[1].contentDocument.onfullscreenchange = t.step_func_done();
- });
- });
-};
-</script>
diff --git a/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js b/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js
index 2a1fba9f83c..20436be8007 100644
--- a/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js
+++ b/tests/wpt/web-platform-tests/generic-sensor/generic-sensor-feature-policy-test.sub.js
@@ -54,7 +54,6 @@ function run_fp_tests_disabled(sensorName) {
}
function run_fp_tests_enabled(sensorName) {
- const sensorType = self[sensorName];
const featureNameList = feature_policies[sensorName];
const header = "Feature-Policy header " + featureNameList.join(" *;") + " *";
const desc = "'new " + sensorName + "()'";
@@ -85,7 +84,6 @@ function run_fp_tests_enabled(sensorName) {
}
function run_fp_tests_enabled_by_attribute(sensorName) {
- const sensorType = self[sensorName];
const featureNameList = feature_policies[sensorName];
const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute";
const desc = "'new " + sensorName + "()'";
@@ -114,7 +112,6 @@ function run_fp_tests_enabled_by_attribute(sensorName) {
}
function run_fp_tests_enabled_by_attribute_redirect_on_load(sensorName) {
- const sensorType = self[sensorName];
const featureNameList = feature_policies[sensorName];
const header = "Feature-Policy allow='" + featureNameList.join(" ") + "' attribute";
const desc = "'new " + sensorName + "()'";
@@ -143,7 +140,6 @@ function run_fp_tests_enabled_by_attribute_redirect_on_load(sensorName) {
}
function run_fp_tests_enabled_on_self_origin(sensorName) {
- const sensorType = self[sensorName];
const featureNameList = feature_policies[sensorName];
const header = "Feature-Policy header " + featureNameList.join(" 'self';") + " 'self'";
const desc = "'new " + sensorName + "()'";
diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html
index d9a23bed3ef..4ef9eb21d69 100644
--- a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html
+++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/cache-storage-reporting.https.html
@@ -96,11 +96,11 @@ function wait(ms) {
async function fetchReport() {
const fetch_report_path = resource_path + `/report.py?key=${report_token}`;
- for(let i = 0; i<10; ++i) {
+ for(let i = 0; i<20; ++i) {
const response = await fetch(encode(fetch_report_path));
const reports = await response.json();
if (reports.length == 0) {
- wait(100);
+ wait(200);
continue;
}
if (reports.length != 1)
diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html
index 95fe047ea9f..f8d8af7a469 100644
--- a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html
+++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/reporting.https.html
@@ -318,6 +318,103 @@ async_test(async (t) => {
}
}, 'COEP violation on nested frame navigation');
+async_test(async (t) => {
+ try {
+ const iframe = document.createElement('iframe');
+ t.add_cleanup(() => iframe.remove());
+
+ iframe.src = `resources/reporting-empty-frame.html`
+ document.body.appendChild(iframe);
+ await new Promise(resolve => {
+ iframe.addEventListener('load', resolve, {once: true});
+ });
+ const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location);
+ const worker = new iframe.contentWindow.Worker(worker_url);
+
+ function fetchInWorker(url) {
+ const init = { mode: 'no-cors', cache: 'no-store' };
+ worker.postMessage({url, init});
+ return new Promise((resolve) => {
+ worker.addEventListener('message', resolve);
+ });
+ }
+
+ const suffix = 'subresource-corp-from-dedicated-worker';
+ const sameOriginUrl = `/common/text-plain.txt?${suffix}`;
+ const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`;
+ const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`;
+ const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`;
+ const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`;
+
+ fetchInWorker(sameOriginUrl);
+ fetchInWorker(blockedByPureCorp);
+ fetchInWorker(blockedDueToCoep);
+ fetchInWorker(redirect);
+
+ // Wait 1 seconds for reports to settle.
+ await wait(1000);
+
+ checkReportNonExistence(reports, sameOriginUrl, worker_url.href);
+ checkReportNonExistence(reports, blockedByPureCorp, worker_url.href);
+ checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href);
+ checkCorpReportExistence(reports, redirect, worker_url.href);
+ checkReportNonExistence(reports, dest, worker_url.href);
+ t.done();
+ } catch (e) {
+ t.step(() => { throw e });
+ }
+}, 'subresource requests initiated from DedicatedWorker');
+
+promise_test(async (t) => {
+ const suffix = 'subresource-corp-from-dedicated-worker-via-passthrough-sw';
+ const iframe_src = `resources/reporting-empty-frame.html?passthrough&${suffix}`;
+ // Register a service worker that controls an iframe.
+ const registration = await service_worker_unregister_and_register(
+ t, 'resources/sw.js', iframe_src);
+ t.add_cleanup(() => registration.unregister());
+ await wait_for_state(t, registration.installing, 'activated');
+
+ const iframe = document.createElement('iframe');
+ t.add_cleanup(() => iframe.remove());
+
+ iframe.src = iframe_src;
+ document.body.appendChild(iframe);
+ await new Promise(resolve => {
+ iframe.addEventListener('load', resolve, {once: true});
+ });
+
+ const worker_url = new URL('resources/fetch-in-dedicated-worker.js', location);
+ const worker = new iframe.contentWindow.Worker(worker_url);
+
+ function fetchInWorker(url) {
+ const init = { mode: 'no-cors', cache: 'no-store' };
+ worker.postMessage({url, init});
+ return new Promise((resolve) => {
+ worker.addEventListener('message', resolve);
+ });
+ }
+
+ const sameOriginUrl = `/common/text-plain.txt?${suffix}`;
+ const blockedByPureCorp = `${REMOTE_ORIGIN}${BASE}/nothing-same-origin-corp.txt?${suffix}`;
+ const blockedDueToCoep = `${REMOTE_ORIGIN}/common/text-plain.txt?abc&${suffix}`;
+ const dest = `${REMOTE_ORIGIN}/common/text-plain.txt?xyz&${suffix}`;
+ const redirect = `/common/redirect.py?location=${encodeURIComponent(dest)}&${suffix}`;
+
+ fetchInWorker(sameOriginUrl);
+ fetchInWorker(blockedByPureCorp);
+ fetchInWorker(blockedDueToCoep);
+ fetchInWorker(redirect);
+
+ // Wait 1 seconds for reports to settle.
+ await wait(1000);
+
+ checkReportNonExistence(reports, sameOriginUrl, worker_url.href);
+ checkReportNonExistence(reports, blockedByPureCorp, worker_url.href);
+ checkCorpReportExistence(reports, blockedDueToCoep, worker_url.href);
+ checkCorpReportExistence(reports, redirect, worker_url.href);
+ checkReportNonExistence(reports, dest, worker_url.href);
+}, 'subresource requests initiated from DedicatedWorker controlled by a passthrough service worker');
+
promise_test(async (t) => {
const iframe_src = `resources/reporting-empty-frame.html?passthrough`;
// Register a service worker that controls an iframe.
diff --git a/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
new file mode 100644
index 00000000000..bd60d07952c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/html/cross-origin-embedder-policy/resources/fetch-in-dedicated-worker.js
@@ -0,0 +1,6 @@
+self.addEventListener('message', async (e) => {
+ const param = e.data;
+ // Ignore network error.
+ await fetch(param.url, param.init).catch(() => {});
+ self.postMessage(param.url);
+});
diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js
index c8dcbb77edd..c65173fe8a0 100644
--- a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js
+++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-iframe.tentative.window.js
@@ -4,11 +4,18 @@
'use strict';
promise_test(async testCase => {
- const frame = document.createElement("iframe");
- const child = getUrl(CROSS_ORIGIN, "resources/child.sub.html");
- const grandchild = getUrl(CROSS_ORIGIN, "resources/grandchild.sub.html");
+ const grandchildLoaded = new Promise(resolve => {
+ window.onmessage = function(message) {
+ if (message.data === 'grandchild-loaded') {
+ resolve(message);
+ }
+ }
+ });
+ const frame = document.createElement('iframe');
+ const child = getUrl(CROSS_ORIGIN, 'resources/child.sub.html');
frame.src = child;
document.body.append(frame);
+ await grandchildLoaded;
try {
let result = await performance.measureMemory();
checkMeasureMemory(result, {
diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js
new file mode 100644
index 00000000000..435477d7f4d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-cross-origin-redirecting-iframe.tentative.window.js
@@ -0,0 +1,30 @@
+// META: script=/common/get-host-info.sub.js
+// META: script=./resources/common.js
+// META: timeout=long
+'use strict';
+
+promise_test(async testCase => {
+ const grandchildLoaded = new Promise(resolve => {
+ window.onmessage = function(message) {
+ if (message.data === 'grandchild-loaded') {
+ resolve(message);
+ }
+ }
+ });
+ const frame = document.createElement('iframe');
+ const redirecting_child = getUrl(CROSS_ORIGIN, 'resources/redirecting-child.sub.html');
+ frame.src = redirecting_child;
+ document.body.append(frame);
+ await grandchildLoaded;
+ try {
+ let result = await performance.measureMemory();
+ checkMeasureMemory(result, {
+ allowed: [window.location.href, redirecting_child]
+ });
+ } catch (error) {
+ if (!(error instanceof DOMException)) {
+ throw error;
+ }
+ assert_equals(error.name, 'SecurityError');
+ }
+}, 'Well-formed result of performance.measureMemory with cross-origin iframe.');
diff --git a/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js b/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js
index 24700e51c24..05a55c7b313 100644
--- a/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js
+++ b/tests/wpt/web-platform-tests/measure-memory/measure-memory-same-origin-iframe.tentative.window.js
@@ -4,11 +4,19 @@
'use strict';
promise_test(async testCase => {
- const frame = document.createElement("iframe");
- const child = getUrl(SAME_ORIGIN, "resources/child.sub.html");
- const grandchild = getUrl(SAME_ORIGIN, "resources/grandchild.sub.html");
+ const grandchildLoaded = new Promise(resolve => {
+ window.onmessage = function(message) {
+ if (message.data === 'grandchild-loaded') {
+ resolve(message);
+ }
+ }
+ });
+ const frame = document.createElement('iframe');
+ const child = getUrl(SAME_ORIGIN, 'resources/child.sub.html');
+ const grandchild = getUrl(SAME_ORIGIN, 'resources/grandchild.sub.html');
frame.src = child;
document.body.append(frame);
+ await grandchildLoaded;
try {
let result = await performance.measureMemory();
checkMeasureMemory(result, {
diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html
index f52b5eefbc5..a0d10e13554 100644
--- a/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html
+++ b/tests/wpt/web-platform-tests/measure-memory/resources/child.sub.html
@@ -1,6 +1,15 @@
<!doctype html>
<meta charset=utf-8>
<html>
+<script>
+window.onmessage = function (message) {
+ // Forward the message to the parent.
+ window.parent.postMessage(message.data, '*');
+}
+window.onload = function () {
+ window.parent.postMessage('grandchild-loaded', '*');
+}
+</script>
<body>
Hello from child iframe.
<iframe src="grandchild.sub.html"></iframe>
diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/common.js b/tests/wpt/web-platform-tests/measure-memory/resources/common.js
index f7332a86227..1347c5bdb73 100644
--- a/tests/wpt/web-platform-tests/measure-memory/resources/common.js
+++ b/tests/wpt/web-platform-tests/measure-memory/resources/common.js
@@ -1,5 +1,5 @@
-const SAME_ORIGIN = {origin: get_host_info().HTTPS_ORIGIN, name: "SAME_ORIGIN"};
-const CROSS_ORIGIN = {origin: get_host_info().HTTPS_NOTSAMESITE_ORIGIN, name: "CROSS_ORIGIN"}
+const SAME_ORIGIN = {origin: get_host_info().HTTP_ORIGIN, name: "SAME_ORIGIN"};
+const CROSS_ORIGIN = {origin: get_host_info().HTTP_REMOTE_ORIGIN, name: "CROSS_ORIGIN"}
function checkMeasureMemoryBreakdown(breakdown, options) {
let allowed = new Set(options.allowed);
@@ -31,5 +31,5 @@ function checkMeasureMemory(result, options) {
function getUrl(host, relativePath) {
const path = new URL(relativePath, window.location).pathname;
- return `${host.origin}/${path}`;
+ return `${host.origin}${path}`;
}
\ No newline at end of file
diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html
index 98522e0649e..0f11bce0e02 100644
--- a/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html
+++ b/tests/wpt/web-platform-tests/measure-memory/resources/grandchild.sub.html
@@ -1,6 +1,11 @@
<!doctype html>
<meta charset=utf-8>
<html>
+<script>
+window.onload = function () {
+ window.parent.postMessage('grandchild-loaded', '*');
+}
+</script>
<body>
Hello from grandchild iframe.
</body>
diff --git a/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html b/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html
new file mode 100644
index 00000000000..732c5410966
--- /dev/null
+++ b/tests/wpt/web-platform-tests/measure-memory/resources/redirecting-child.sub.html
@@ -0,0 +1,12 @@
+<!doctype html>
+<meta charset=utf-8>
+<html>
+<script>
+window.onload = function () {
+ document.location.href = document.location.href.replace('redirecting-child', 'child');
+}
+</script>
+<body>
+ Hello from child iframe.
+</body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..3241aead34c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..22bc15d57a5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..b0ba399717b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..65f6ddbadf3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..f9f1aa62b60
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..b3b51be3ccd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..da19d07b086
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..f0d5f1a9b0e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..b976e9caa62
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..7710e60bd7a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..76adf429684
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..37e9bb91172
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..2d422046488
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..9d89753d533
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..5db7dcd879c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..9adbb92cbf5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..7fda4cbc4ab
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..dc9b7e428de
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..84dd3a173a6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..8b00bc6aeb7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..62b09270778
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..9a4eef44a12
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..a1ef6b69932
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-classic.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..a6e2e97bccd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..c68737ee235
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..cd0457e0071
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..c9ff17534ba
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..bf410443d3a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..d2595868872
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..fb5a3c559ac
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..b5b4d5cf7a2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..31a4813a2e9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..f6a6a888951
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..44b9ada9c1a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..cb2000264f8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..3ae337f1024
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..d95d066741a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..20b04dcaa64
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..bc7bb444e40
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..6b0a8edb163
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..25bcd55294b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..3742c6e9070
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..890ce32e626
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..e9f45431c67
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..3e4dc50f752
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..b62ddcc94a0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/sharedworker-module.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..167671afeac
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..07d0a90e242
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..f02532f28e4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..758053974f9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..6138b297ef2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..c819c77a4f3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..aee998f931a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..b49db878eac
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..4efd03465c9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..354bfcde123
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..76ceb7e0c12
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..f4c63eb5e56
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..a55efd4897d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..62c37525fd3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..a899122ce93
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..1c12bcc6c26
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..f8b2261c2a3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..999ce2075da
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..147e1661ced
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..0b03466240a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..516ddea4f84
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..26646cc32e2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..6aebcd83f87
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..50f17e4df96
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..2e9259fc3e5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..5784f627a0f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..a90e61b8b47
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..894ff3f081a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..e2c4c3ab9c0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..7685f256994
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..4c3d7d18d63
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..35cbe860ee8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..88b8a7be6da
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..2d278da0826
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..d54e7378048
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..6c2d581f18d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..370d4af762d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..a76175a1d83
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..65d6185970c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..84b7a60fd3e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..b72ca111ad8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..35f1a04b66b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..ebe959719e9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..80841a9c4e5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..2a0139ab31d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..c8f33e537b7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..a6e51b1f64b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..41447cee9d8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..a7d17f257fb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..1fc527f29c7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..8c137b284c1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..6ea5b0434b0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..cd89e3874ec
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..bc425d9e508
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..c7208db5f55
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..9f3f5ae67dc
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..71834a370cf
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..f883209bb0b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..d6b0d5676c9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..5a3fe3408c5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..43f355c028b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..1710a723917
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..bc9af1419b4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..595dea35e28
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..86bc76d06f6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..58ec420d2bf
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..04e6f110925
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..013fc26c117
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..37e2a3a9c0b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..6fdf8df7f51
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..0db3796d49d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-classic-inherit.meta/unset/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..ee7f92df5fb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..11cf0b3139e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..5d4e1f9e8e9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..716b3e4563b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/cross-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..2a896871661
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..1c32d7b7261
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..7c30ff00698
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..cc767423ad4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..b4ce4f5cbcc
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..44c0c28468b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/fetch/same-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..f7462146749
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/cross-ws.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..a94710476d1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-ws.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..4fa2886472c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/websocket/same-wss.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..c4301ea0f9a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..842b0a6b424
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..449ab3ea9bf
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..f8a3b43e5c0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-classic/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..0dd696e3646
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..09338d42d48
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..24c3462b9b5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..41849c90768
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/worker-module/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..0e633f7cc36
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..5d46b0ac309
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..59bca8b2496
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
new file mode 100644
index 00000000000..06e4eacfb79
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/cross-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..15dccaccefe
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..6d915751b87
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..5bff5900c6e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-http.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..2fbcdfcf4b5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.keep-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..86230051116
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
new file mode 100644
index 00000000000..e739804a7e2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-https origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
new file mode 100644
index 00000000000..46e2255e388
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.http-rp/opt-in/xhr/same-https.swap-scheme.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..a1e27a629fe
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..ecedfa2cf2f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..cd4f95c16b2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..1dc7867c2a3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..cf290a4288a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..d04ffa93856
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..ca6681410a7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..a0d81cd30a7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..9e5e2fc41c6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..35d9495fc87
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..1bda93c9bdb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..e6f04aa1cf4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..a4ac0425693
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/opt-in/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..6b09b996faa
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..70b4dac51d2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..06120d2f836
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..27d657f27bb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..6dbfdd50ece
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..7e20764c452
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..86c2680c919
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..3fae4c64b7b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/fetch/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
new file mode 100644
index 00000000000..89989156798
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/cross-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
new file mode 100644
index 00000000000..8e909d4214f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-ws.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for websocket to same-ws origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
new file mode 100644
index 00000000000..3fc935113b1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/websocket/same-wss.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for websocket to same-wss origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-wss",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..9e7d811a817
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..4e784ea2e37
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-classic to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..e1e1e8fa141
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..b82125ea6bb
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-classic/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-classic to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..3d647f7f0ba
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..731c42554f3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for worker-module to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..4cec52a276a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..6656c26b62f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/worker-module/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for worker-module to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
new file mode 100644
index 00000000000..ecb166c9c45
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
new file mode 100644
index 00000000000..4c6dbb0d56e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
new file mode 100644
index 00000000000..caa9aa15c73
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/cross-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to cross-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
new file mode 100644
index 00000000000..adb8c9e445a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html
new file mode 100644
index 00000000000..8f1ebcccc06
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
new file mode 100644
index 00000000000..8f7caedf158
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-http.swap-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Blockable content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of blockable content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+ <meta name="assert" content="Mixed-Content: Expects blocked for xhr to same-http origin and swap-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http",
+ "redirection": "swap-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
new file mode 100644
index 00000000000..d7462ed7004
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.keep-scheme.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and keep-scheme redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "keep-scheme",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html
new file mode 100644
index 00000000000..1b2234af460
--- /dev/null
+++ b/tests/wpt/web-platform-tests/mixed-content/gen/worker-module-inherit.meta/unset/xhr/same-https.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+ <head>
+ <title>Mixed-Content: Allowed content</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="Test behavior of allowed content.">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+ <meta name="assert" content="Mixed-Content: Expects allowed for xhr to same-https origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "mixedContent",
+ "value": "opt-in"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js b/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js
index c36a535f453..79bd6664b4e 100644
--- a/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js
+++ b/tests/wpt/web-platform-tests/mixed-content/generic/spec_json.js
@@ -1 +1 @@
-var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Skip-redundant-no-opt-in", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "http-rp", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "Skip-redundant-for-opt-in-method", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "meta", "delivery_value": "opt-in", "redirection": ["keep-scheme", "swap-scheme"], "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "iframe-tag"], "origin": "*", "expectation": "*"}, {"name": "redirections that mixed-content tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "downgrade"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "opt-in"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Mixed-Content: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Mixed-Content: %(title)s", "specification": [{"name": "optionally-blockable", "title": "Optionally-blockable content", "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-allows", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "allowed"}]}, {"name": "blockable", "title": "Blockable content", "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "ws-downgrade-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["cross-ws", "same-ws"], "expectation": "blocked"}]}, {"name": "allowed", "title": "Allowed content", "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "test_expansion": [{"name": "allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "*", "origin": ["same-https"], "expectation": "allowed"}, {"name": "websocket-allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "websocket", "origin": ["same-wss"], "expectation": "allowed"}]}], "delivery_key": "mixedContent", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}};
+var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Skip-redundant-no-opt-in", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "http-rp", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "Skip-redundant-for-opt-in-method", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "meta", "delivery_value": "opt-in", "redirection": ["keep-scheme", "swap-scheme"], "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not for CSP tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "iframe-tag"], "origin": "*", "expectation": "*"}, {"name": "redirections that mixed-content tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "downgrade"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-inherit", "worker-classic-data", "worker-module", "worker-module-inherit", "worker-module-data", "sharedworker-classic", "sharedworker-classic-data", "sharedworker-module", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "opt-in"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Mixed-Content: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Mixed-Content: %(title)s", "specification": [{"name": "optionally-blockable", "title": "Optionally-blockable content", "description": "Test behavior of optionally-blockable content", "specification_url": "http://www.w3.org/TR/mixed-content/#category-optionally-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-allows", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["audio-tag", "img-tag", "video-tag"], "origin": ["cross-http", "same-http"], "expectation": "allowed"}]}, {"name": "blockable", "title": "Blockable content", "description": "Test behavior of blockable content.", "specification_url": "http://www.w3.org/TR/mixed-content/#category-blockable", "test_expansion": [{"name": "opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "opt-in-blocks-redirects", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "opt-in", "redirection": "swap-scheme", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-https", "cross-https"], "expectation": "blocked"}, {"name": "no-opt-in-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": null, "redirection": "*", "subresource": ["a-tag", "beacon", "fetch", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["cross-http", "same-http"], "expectation": "blocked"}, {"name": "ws-downgrade-blocks", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["cross-ws", "same-ws"], "expectation": "blocked"}]}, {"name": "allowed", "title": "Allowed content", "description": "Test behavior of allowed content.", "specification_url": "http://www.w3.org/TR/mixed-content/", "test_expansion": [{"name": "allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "*", "origin": ["same-https"], "expectation": "allowed"}, {"name": "websocket-allowed", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["no-redirect", "keep-scheme"], "subresource": "websocket", "origin": ["same-wss"], "expectation": "allowed"}]}], "delivery_key": "mixedContent", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}};
diff --git a/tests/wpt/web-platform-tests/mixed-content/spec.src.json b/tests/wpt/web-platform-tests/mixed-content/spec.src.json
index 16843700da8..5d92d77b218 100644
--- a/tests/wpt/web-platform-tests/mixed-content/spec.src.json
+++ b/tests/wpt/web-platform-tests/mixed-content/spec.src.json
@@ -291,9 +291,22 @@
"srcdoc-inherit",
"srcdoc",
"iframe",
- "iframe-blank-inherit",
+ "iframe-blank-inherit"
+ ],
+ "delivery_type": "*",
+ "delivery_value": "*",
+ "redirection": "*",
+ "subresource": "*",
+ "origin": "*",
+ "expectation": "*"
+ },
+ {
+ "name": "source_context_list values not for CSP tests",
+ "expansion": "*",
+ "source_scheme": "*",
+ "source_context_list": [
"worker-classic",
- "worker-module",
+ "worker-module"
],
"delivery_type": "*",
"delivery_value": "*",
diff --git a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json
index 9063428647a..47055ab7c1c 100644
--- a/tests/wpt/web-platform-tests/referrer-policy/spec.src.json
+++ b/tests/wpt/web-platform-tests/referrer-policy/spec.src.json
@@ -690,7 +690,9 @@
"source_scheme": "*",
"source_context_list": [
"iframe-blank-inherit",
+ "sharedworker-classic",
"sharedworker-classic-data",
+ "sharedworker-module",
"sharedworker-module-data",
"worker-classic-data",
"worker-module-data"
@@ -702,6 +704,21 @@
"origin": "*",
"expectation": "*"
},
+ {
+ "name": "source_context_list values not for referrer-policy tests",
+ "expansion": "*",
+ "source_scheme": "*",
+ "source_context_list": [
+ "worker-classic-inherit",
+ "worker-module-inherit"
+ ],
+ "delivery_type": "*",
+ "delivery_value": "*",
+ "redirection": "*",
+ "subresource": "*",
+ "origin": "*",
+ "expectation": "*"
+ }
],
"source_context_schema": {
"supported_delivery_type": {
diff --git a/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html
new file mode 100644
index 00000000000..ec06a368e97
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html
@@ -0,0 +1,69 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+ <title>Test that reports are sent when report-endpoint points to path-absolute-url</title>
+ <script src='/resources/testharness.js'></script>
+ <script src='/resources/testharnessreport.js'></script>
+ <script src='resources/report-helper.js'></script>
+</head>
+<body>
+ <script>
+ var t = async_test("Test that image does not load");
+ const base_url = `${location.protocol}//${location.host}`;
+ async_test(function(t) {
+ window.addEventListener("securitypolicyviolation", t.step_func(function(e) {
+ assert_equals(e.blockedURI, `${base_url}/reporting/resources/fail.png`);
+ assert_equals(e.violatedDirective, "img-src");
+ t.done();
+ }));
+ }, "Event is fired");
+
+ async_test(function(t) {
+ var observer = new ReportingObserver(function(reports, observer) {
+ t.step(function() {
+ assert_equals(reports.length, 1);
+
+ // Ensure that the contents of the report are valid.
+
+ assert_equals(reports[0].type, "csp-violation");
+ assert_equals(reports[0].url, location.href);
+ assert_equals(reports[0].body.documentURL, location.href);
+ assert_equals(reports[0].body.referrer, null);
+ assert_equals(reports[0].body.blockedURL,
+ `${base_url}/reporting/resources/fail.png`);
+ assert_equals(reports[0].body.effectiveDirective, "img-src");
+ assert_equals(reports[0].body.originalPolicy,
+ "script-src 'self' 'unsafe-inline'; img-src 'none'; report-to csp-group");
+ assert_equals(reports[0].body.sourceFile, location.href);
+ assert_equals(reports[0].body.sample, null);
+ assert_equals(reports[0].body.disposition, "enforce");
+ assert_equals(reports[0].body.statusCode, 0);
+ assert_equals(reports[0].body.lineNumber, 66);
+ assert_equals(reports[0].body.columnNumber, 0);
+ });
+
+ t.done();
+ });
+ observer.observe();
+ }, "Report is observable to ReportingObserver");
+ </script>
+ <img src='/reporting/resources/fail.png'
+ onload='t.unreached_func("The image should not have loaded");'
+ onerror='t.done();'>
+ <script>
+ async_test(async (t) => {
+ try {
+ const endpoint = `${base_url}/reporting/resources/report.py`;
+ const id = 'd0d517bf-891b-457a-b970-8b2b2c81a0bf';
+ await wait(3000);
+ const reports = await pollReports(endpoint, id);
+ checkReportExists(reports, 'csp-violation', location.href);
+ t.done();
+ } catch (e) {
+ t.step(() => { throw e; });
+ }
+ }, "Reporting endpoints received reports.");
+ </script>
+
+</body>
+</html>
diff --git a/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers
new file mode 100644
index 00000000000..ec25b289449
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/path-absolute-endpoint.https.sub.html.sub.headers
@@ -0,0 +1,2 @@
+Report-To: { "group": "csp-group", "max_age": 10886400, "endpoints": [{ "url": "/reporting/resources/report.py?id=d0d517bf-891b-457a-b970-8b2b2c81a0bf" }] }
+Content-Security-Policy: script-src 'self' 'unsafe-inline'; img-src 'none'; report-to csp-group
diff --git a/tests/wpt/web-platform-tests/reporting/resources/fail.png b/tests/wpt/web-platform-tests/reporting/resources/fail.png
new file mode 100644
index 0000000000000000000000000000000000000000..b5933803338f770bdb1e6a7d433aeb640be85b08
GIT binary patch
literal 759
zcmeAS@N?(olHy`uVBq!ia0vp^D}dO6gAGXb#n?mxDb50q$YKTtZeb8+WSBKa0w~B{
z;_2(kewB-dL*MksU){?<A=whwh!W@g+}zZ>5(ej@)Wnk16ovB4k_?5Aj8p}8Pv3y|
zDXMu43{1J6E{-7;x8BaS%@zq1aX7D`vWR1%iBiXn6*D4KmuwVRZ6Y@7kiW;G{|+bk
zH+(2R(xCX?L14><2`o)qT*vrDTwFI^a1&6Pwe^JVJZH0W=iZ!aso>+;WB&Wzxp#Lr
ze=qv3obAXxQTG&|vjUgaq6Lc<D8VTZ1IUB(p|T);=_RegoMT__+?v_dzw*?q|1CMu
z|1;N}F+Od!^Q~lo(#-V?&Z2U`VTrwxA^(z0)YT6ZCY-sTkrAHddT_C9_~egKvp+9d
z(0hSD#_O5+q>ru%(-ng*s9CbV>HaAFK<$IsGv)&=AQ8{gKVnP_i>FoY{*hPqF?ILD
z<^#JcwAVAXH}p%-vFF*dz1zI`+Sw4HrPYe+2iPCf2_4mRUb-N3bLLF`m&+%A%z3x%
z=AB(W3w1uGde<z>c=Bv{1H0irHW`Mn;=6yJFKM)zyJq{5*^b${ePTsLLZ4Y@s~Tqr
z`(C<tqOUs1j>+a`!d;FJ8prG#{vIedULm>V`W*i!HMiXS8ji22cjw<Ay(8hpnFXaO
z7upY;6uKVs=eV8mil(r-h5ZccwPL<&e28+?{a9+^?)yfZHTSe%g3-+ROK+@Sa89LK
z?Qxxp<L+}7ujiLD)iAyjxl?Ywt1jvPj)fr?;--JEd=P%Hc7NmTX_d2=#F=?EA5dSQ
z|LpLA&wT63c`5`S&!6bIKP+dGRh{eE1-GYbcg{I2dy4aeP()Xue8J5LS{dt4{a!oi
z`^0y<(>!!PCb5YI1_-i>vH~eE14@DTScEzMF$fuUDMZWzCR`x!boFyt=akR{0Mx!f
AX#fBK
literal 0
HcmV?d00001
diff --git a/tests/wpt/web-platform-tests/reporting/resources/report-helper.js b/tests/wpt/web-platform-tests/reporting/resources/report-helper.js
new file mode 100644
index 00000000000..a20a9cd3811
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/resources/report-helper.js
@@ -0,0 +1,22 @@
+function wait(ms) {
+ return new Promise(resolve => step_timeout(resolve, ms));
+}
+
+async function pollReports(endpoint, id) {
+ const res = await fetch(`${endpoint}?id=${id}`, {cache: 'no-store'});
+ const reports = [];
+ if (res.status === 200) {
+ for (const report of await res.json()) {
+ reports.push(report);
+ }
+ }
+ return reports;
+}
+
+function checkReportExists(reports, type, url) {
+ for (const report of reports) {
+ if (report.type !== type) continue;
+ if (report.body.sourceFile === url) return true;
+ }
+ assert_unreached(`A report of ${type} from ${url} is not found.`);
+}
diff --git a/tests/wpt/web-platform-tests/reporting/resources/report.py b/tests/wpt/web-platform-tests/reporting/resources/report.py
new file mode 100644
index 00000000000..d31b47429ec
--- /dev/null
+++ b/tests/wpt/web-platform-tests/reporting/resources/report.py
@@ -0,0 +1,17 @@
+import json
+
+def main(request, response):
+ key = request.GET.first('id')
+
+ # No CORS support for cross-origin reporting endpoints
+ if request.method == 'POST':
+ reports = request.server.stash.take(key) or []
+ for report in json.loads(request.body):
+ reports.append(report)
+ request.server.stash.put(key, reports)
+ return 'done'
+ if request.method == 'GET':
+ return json.dumps(request.server.stash.take(key) or [])
+
+ response.status = 400
+ return 'invalid method'
\ No newline at end of file
diff --git a/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js b/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js
index 5eff666b706..9f10a9d4b7f 100644
--- a/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js
+++ b/tests/wpt/web-platform-tests/resources/chromium/webxr-test-math-helper.js
@@ -219,4 +219,25 @@ class XRMathHelper {
// Actual inverse is `1/det * transposed(comatrix)`:
return XRMathHelper.transpose(result2);
}
+
+ static mul4x4(m1, m2) {
+ if (m1 == null || m2 == null) {
+ return null;
+ }
+
+ const result = Array(16);
+
+ for (let row = 0; row < 4; row++) {
+ for (let col = 0; col < 4; col++) {
+ result[4 * col + row] = 0;
+ for(let i = 0; i < 4; i++) {
+ result[4 * col + row] += m1[4 * i + row] * m2[4 * col + i];
+ }
+ }
+ }
+
+ return result;
+ }
}
+
+XRMathHelper.EPSILON = 0.001;
diff --git a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
index dee05d08ff8..ddbfd4c83aa 100644
--- a/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
+++ b/tests/wpt/web-platform-tests/resources/chromium/webxr-test.js
@@ -859,7 +859,7 @@ class MockRuntime {
const numerator = dot(sub(point_A, origin), normal);
const denominator = dot(direction, normal);
- if (Math.abs(denominator) < 0.0001) {
+ if (Math.abs(denominator) < XRMathHelper.EPSILON) {
// Planes are nearly parallel - there's either infinitely many intersection points or 0.
// Both cases signify a "no hit" for us.
return null;
@@ -878,13 +878,13 @@ class MockRuntime {
let z_axis = null;
const cos_direction_and_y_axis = dot(direction, y_axis);
- if (Math.abs(cos_direction_and_y_axis) > 0.9999) {
+ if (Math.abs(cos_direction_and_y_axis) > (1 - XRMathHelper.EPSILON)) {
// Ray and the hit test normal are co-linear - try using the 'up' or 'right' vector's projection on the face plane as the Z axis.
// Note: this edge case is currently not covered by the spec.
const up = {x: 0.0, y: 1.0, z: 0.0, w: 0.0};
- const right = {x:1.0, y: 0.0, z: 0.0, w: 0.0};
+ const right = {x: 1.0, y: 0.0, z: 0.0, w: 0.0};
- z_axis = Math.abs(dot(up, y_axis)) > 0.9999
+ z_axis = Math.abs(dot(up, y_axis)) > (1 - XRMathHelper.EPSILON)
? sub(up, mul(dot(right, y_axis), y_axis)) // `up is also co-linear with hit test normal, use `right`
: sub(up, mul(dot(up, y_axis), y_axis)); // `up` is not co-linear with hit test normal, use it
} else {
@@ -932,6 +932,29 @@ class MockRuntime {
}
}
+ _getMojoFromInputSource(mojo_from_viewer, input_source) {
+ if(input_source.target_ray_mode_ === 'gaze') { // XRTargetRayMode::GAZING
+ // If the pointer origin is gaze, then the result is
+ // just mojo_from_viewer.
+ return mojo_from_viewer;
+ } else if(input_source.target_ray_mode_ === 'tracked-pointer') { // XRTargetRayMode:::POINTING
+ // If the pointer origin is tracked-pointer, the result is just
+ // mojo_from_input*input_from_pointer.
+ return XRMathHelper.mul4x4(
+ input_source.mojo_from_input_.matrix,
+ input_source.input_from_pointer_.matrix);
+ } else if(input_source.target_ray_mode_ === 'screen') { // XRTargetRayMode::TAPPING
+ // If the pointer origin is screen, the input_from_pointer is
+ // equivalent to viewer_from_pointer and the result is
+ // mojo_from_viewer*viewer_from_pointer.
+ return XRMathHelper.mul4x4(
+ mojo_from_viewer,
+ input_source.input_from_pointer_.matrix);
+ } else {
+ return null
+ }
+ }
+
_getMojoFromNativeOrigin(nativeOriginInformation) {
const identity = function() {
return [
@@ -942,12 +965,26 @@ class MockRuntime {
];
};
+ const transform = {
+ position: [
+ this.pose_.position.x,
+ this.pose_.position.y,
+ this.pose_.position.z],
+ orientation: [
+ this.pose_.orientation.x,
+ this.pose_.orientation.y,
+ this.pose_.orientation.z,
+ this.pose_.orientation.w],
+ };
+
+ const mojo_from_viewer = getMatrixFromTransform(transform)
+
if (nativeOriginInformation.$tag == device.mojom.XRNativeOriginInformation.Tags.inputSourceId) {
if (!this.input_sources_.has(nativeOriginInformation.inputSourceId)) {
return null;
} else {
const inputSource = this.input_sources_.get(nativeOriginInformation.inputSourceId);
- return inputSource.mojo_from_input_.matrix;
+ return this._getMojoFromInputSource(mojo_from_viewer, inputSource);
}
} else if (nativeOriginInformation.$tag == device.mojom.XRNativeOriginInformation.Tags.referenceSpaceCategory) {
switch (nativeOriginInformation.referenceSpaceCategory) {
@@ -961,18 +998,7 @@ class MockRuntime {
// this.stageParameters_.standingTransform = floor_from_mojo aka native_origin_from_mojo
return XRMathHelper.inverse(this.stageParameters_.standingTransform.matrix);
case device.mojom.XRReferenceSpaceCategory.VIEWER:
- const transform = {
- position: [
- this.pose_.position.x,
- this.pose_.position.y,
- this.pose_.position.z],
- orientation: [
- this.pose_.orientation.x,
- this.pose_.orientation.y,
- this.pose_.orientation.z,
- this.pose_.orientation.w],
- };
- return getMatrixFromTransform(transform); // this.pose_ = mojo_from_viewer
+ return mojo_from_viewer;
case device.mojom.XRReferenceSpaceCategory.BOUNDED_FLOOR:
return null;
case device.mojom.XRReferenceSpaceCategory.UNBOUNDED:
@@ -999,6 +1025,11 @@ class MockXRInputSource {
this.pairedDevice_ = pairedDevice;
this.handedness_ = fakeInputSourceInit.handedness;
this.target_ray_mode_ = fakeInputSourceInit.targetRayMode;
+
+ if(fakeInputSourceInit.pointerOrigin == null) {
+ throw new TypeError("FakeXRInputSourceInit.pointerOrigin is required.");
+ }
+
this.setPointerOrigin(fakeInputSourceInit.pointerOrigin);
this.setProfiles(fakeInputSourceInit.profiles);
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt b/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt
index d541a49f3c0..c59351ba1a2 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/requirements_firefox.txt
@@ -6,6 +6,6 @@ mozleak==0.2
moznetwork==1.1.0
mozprocess==1.0.0
mozprofile==2.5.0
-mozrunner==7.7.0
+mozrunner==7.8.0
mozversion==2.3.0
psutil==5.7.0
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py
index fef052dd5ab..a027cf32610 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/base.py
@@ -148,10 +148,6 @@ class Browser(object):
"""Boolean indicating whether the browser process is still running"""
pass
- def setup_ssl(self, hosts):
- """Return a certificate to use for tests requiring ssl that will be trusted by the browser"""
- raise NotImplementedError("ssl testing not supported")
-
def cleanup(self):
"""Browser-specific cleanup that is run after the testrun is finished"""
pass
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py
index 62790181d51..e195fc0cff4 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox.py
@@ -4,6 +4,7 @@ import platform
import signal
import subprocess
import sys
+from abc import ABCMeta, abstractmethod
import mozinfo
import mozleak
@@ -96,7 +97,8 @@ def browser_kwargs(test_type, run_info_data, config, **kwargs):
"chaos_mode_flags": kwargs["chaos_mode_flags"],
"config": config,
"browser_channel": kwargs["browser_channel"],
- "headless": kwargs["headless"]}
+ "headless": kwargs["headless"],
+ "preload_browser": kwargs["preload_browser"]}
def executor_kwargs(test_type, server_config, cache_manager, run_info_data,
@@ -202,79 +204,60 @@ def update_properties():
{"os": ["version"], "processor": ["bits"]})
-class FirefoxBrowser(Browser):
- init_timeout = 70
- shutdown_timeout = 70
+class FirefoxInstanceManager(object):
+ __metaclass__ = ABCMeta
- def __init__(self, logger, binary, prefs_root, test_type, extra_prefs=None, debug_info=None,
- symbols_path=None, stackwalk_binary=None, certutil_binary=None,
- ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None,
- binary_args=None, timeout_multiplier=None, leak_check=False, asan=False,
- stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly", headless=None, **kwargs):
- Browser.__init__(self, logger)
+ def __init__(self, logger, binary, binary_args, profile_creator, debug_info,
+ chaos_mode_flags, headless, enable_webrender, stylo_threads,
+ leak_check, stackfix_dir, symbols_path, asan):
+ """Object that manages starting and stopping instances of Firefox."""
+ self.logger = logger
self.binary = binary
- self.prefs_root = prefs_root
- self.test_type = test_type
- self.extra_prefs = extra_prefs
- self.marionette_port = None
- self.runner = None
- self.debug_info = debug_info
- self.profile = None
- self.symbols_path = symbols_path
- self.stackwalk_binary = stackwalk_binary
- self.ca_certificate_path = ca_certificate_path
- self.certutil_binary = certutil_binary
- self.e10s = e10s
- self.enable_webrender = enable_webrender
self.binary_args = binary_args
- self.config = config
- if stackfix_dir:
- self.stack_fixer = get_stack_fixer_function(stackfix_dir,
- self.symbols_path)
- else:
- self.stack_fixer = None
-
- if timeout_multiplier:
- self.init_timeout = self.init_timeout * timeout_multiplier
-
- self.asan = asan
- self.lsan_allowed = None
- self.lsan_max_stack_depth = None
- self.mozleak_allowed = None
- self.mozleak_thresholds = None
- self.leak_check = leak_check
- self.leak_report_file = None
- self.lsan_handler = None
- self.stylo_threads = stylo_threads
+ self.base_profile = profile_creator.create()
+ self.debug_info = debug_info
self.chaos_mode_flags = chaos_mode_flags
- self.browser_channel = browser_channel
self.headless = headless
+ self.enable_webrender = enable_webrender
+ self.stylo_threads = stylo_threads
+ self.leak_check = leak_check
+ self.stackfix_dir = stackfix_dir
+ self.symbols_path = symbols_path
+ self.asan = asan
- def settings(self, test):
- return {"check_leaks": self.leak_check and not test.leaks,
- "lsan_allowed": test.lsan_allowed,
- "lsan_max_stack_depth": test.lsan_max_stack_depth,
- "mozleak_allowed": self.leak_check and test.mozleak_allowed,
- "mozleak_thresholds": self.leak_check and test.mozleak_threshold}
+ self.previous = None
+ self.current = None
- def start(self, group_metadata=None, **kwargs):
- if group_metadata is None:
- group_metadata = {}
+ @abstractmethod
+ def teardown(self, force=False):
+ pass
- self.group_metadata = group_metadata
- self.lsan_allowed = kwargs.get("lsan_allowed")
- self.lsan_max_stack_depth = kwargs.get("lsan_max_stack_depth")
- self.mozleak_allowed = kwargs.get("mozleak_allowed")
- self.mozleak_thresholds = kwargs.get("mozleak_thresholds")
+ @abstractmethod
+ def get(self):
+ """Get a BrowserInstance for a running Firefox.
- if self.marionette_port is None:
- self.marionette_port = get_free_port()
+ This can only be called once per instance, and between calls stop_current()
+ must be called."""
+ pass
- if self.asan:
- self.lsan_handler = mozleak.LSANLeaks(self.logger,
- scope=group_metadata.get("scope", "/"),
- allowed=self.lsan_allowed,
- maxNumRecordedFrames=self.lsan_max_stack_depth)
+ def stop_current(self, force=False):
+ """Shutdown the current instance of Firefox.
+
+ The BrowserInstance remains available through self.previous, since some
+ operations happen after shutdown."""
+ if not self.current:
+ return
+
+ self.current.stop(force)
+ self.previous = self.current
+ self.current = None
+
+ def start(self):
+ """Start an instance of Firefox, returning a BrowserInstance handle"""
+ profile = self.base_profile.clone(self.base_profile.profile)
+
+ marionette_port = get_free_port()
+ profile.set_preferences({"marionette.port": marionette_port})
env = test_environment(xrePath=os.path.dirname(self.binary),
debugger=self.debug_info is not None,
@@ -291,40 +274,6 @@ class FirefoxBrowser(Browser):
else:
env["MOZ_WEBRENDER"] = "0"
- preferences = self.load_prefs()
-
- self.profile = FirefoxProfile(preferences=preferences)
- self.profile.set_preferences({
- "marionette.port": self.marionette_port,
- "network.dns.localDomains": ",".join(self.config.domains_set),
- "dom.file.createInChild": True,
- # TODO: Remove preferences once Firefox 64 is stable (Bug 905404)
- "network.proxy.type": 0,
- "places.history.enabled": False,
- "network.preload": True,
- })
- if self.e10s:
- self.profile.set_preferences({"browser.tabs.remote.autostart": True})
-
- if self.test_type == "reftest":
- self.profile.set_preferences({"layout.interruptible-reflow.enabled": False})
-
- if self.leak_check:
- self.leak_report_file = os.path.join(self.profile.profile, "runtests_leaks_%s.log" % os.getpid())
- if os.path.exists(self.leak_report_file):
- os.remove(self.leak_report_file)
- env["XPCOM_MEM_BLOAT_LOG"] = self.leak_report_file
- else:
- self.leak_report_file = None
-
- # Bug 1262954: winxp + e10s, disable hwaccel
- if (self.e10s and platform.system() in ("Windows", "Microsoft") and
- '5.1' in platform.version()):
- self.profile.set_preferences({"layers.acceleration.disabled": True})
-
- if self.ca_certificate_path is not None:
- self.setup_ssl()
-
args = self.binary_args[:] if self.binary_args else []
args += [cmd_arg("marionette"), "about:blank"]
@@ -332,19 +281,253 @@ class FirefoxBrowser(Browser):
args,
self.debug_info)
- self.runner = FirefoxRunner(profile=self.profile,
- binary=cmd[0],
- cmdargs=cmd[1:],
- env=cast_env(env),
- process_class=ProcessHandler,
- process_args={"processOutputLine": [self.on_output]})
+ if self.leak_check:
+ leak_report_file = os.path.join(profile.profile, "runtests_leaks_%s.log" % os.getpid())
+ if os.path.exists(leak_report_file):
+ os.remove(leak_report_file)
+ env["XPCOM_MEM_BLOAT_LOG"] = leak_report_file
+ else:
+ leak_report_file = None
+
+ output_handler = OutputHandler(self.logger, self.stackfix_dir, self.symbols_path, self.asan)
+ runner = FirefoxRunner(profile=profile,
+ binary=cmd[0],
+ cmdargs=cmd[1:],
+ env=cast_env(env),
+ process_class=ProcessHandler,
+ process_args={"processOutputLine": [output_handler]})
+ instance = BrowserInstance(self.logger, runner, marionette_port,
+ output_handler, leak_report_file)
self.logger.debug("Starting Firefox")
-
- self.runner.start(debug_args=debug_args, interactive=self.debug_info and self.debug_info.interactive)
+ runner.start(debug_args=debug_args, interactive=self.debug_info and self.debug_info.interactive)
self.logger.debug("Firefox Started")
- def load_prefs(self):
+ return instance
+
+
+class SingleInstanceManager(FirefoxInstanceManager):
+ """FirefoxInstanceManager that manages a single Firefox instance"""
+ def get(self):
+ assert not self.current, ("Tried to call get() on InstanceManager that has "
+ "an existing instance")
+ if self.previous:
+ self.previous.cleanup()
+ self.previous = None
+ self.current = self.start()
+ return self.current
+
+ def teardown(self, force=False):
+ for instance, skip_marionette in [self.previous, self.current]:
+ if instance:
+ instance.stop(force)
+ instance.cleanup()
+
+
+class PreloadInstanceManager(FirefoxInstanceManager):
+ def __init__(self, *args, **kwargs):
+ """FirefoxInstanceManager that keeps once Firefox instance preloaded
+ to allow rapid resumption after an instance shuts down."""
+ super(PreloadInstanceManager, self).__init__(*args, **kwargs)
+ self.pending = None
+
+ def get(self):
+ assert not self.current, ("Tried to call get() on InstanceManager that has "
+ "an existing instance")
+ if self.previous:
+ self.previous.cleanup()
+ self.previous = None
+ if not self.pending:
+ self.pending = self.start()
+ self.current = self.pending
+ self.pending = self.start()
+ return self.current
+
+ def teardown(self, force=False):
+ for instance, skip_marionette in [(self.previous, False), (self.current, False), (self.pending, True)]:
+ if instance:
+ instance.stop(force, skip_marionette=skip_marionette)
+ instance.cleanup()
+
+class BrowserInstance(object):
+ shutdown_timeout = 70
+
+ def __init__(self, logger, runner, marionette_port, output_handler, leak_report_file):
+ """Handle to a running Firefox instance"""
+ self.logger = logger
+ self.runner = runner
+ self.marionette_port = marionette_port
+ self.output_handler = output_handler
+ self.leak_report_file = leak_report_file
+
+ def stop(self, force=False, skip_marionette=False):
+ """Stop Firefox"""
+ if self.runner is not None and self.runner.is_running():
+ self.logger.debug("Stopping Firefox %s" % self.pid())
+ shutdown_methods = [(True, lambda: self.runner.wait(self.shutdown_timeout)),
+ (False, lambda: self.runner.stop(signal.SIGTERM)),
+ (False, lambda: self.runner.stop(signal.SIGKILL))]
+ if skip_marionette:
+ shutdown_methods = shutdown_methods[1:]
+ try:
+ # For Firefox we assume that stopping the runner prompts the
+ # browser to shut down. This allows the leak log to be written
+ for clean, stop_f in shutdown_methods:
+ if not force or not clean:
+ retcode = stop_f()
+ if retcode is not None:
+ self.logger.info("Browser exited with return code %s" % retcode)
+ break
+ except OSError:
+ # This can happen on Windows if the process is already dead
+ pass
+ if not skip_marionette:
+ self.output_handler.after_stop()
+
+ def pid(self):
+ if self.runner.process_handler is None:
+ return None
+
+ try:
+ return self.runner.process_handler.pid
+ except AttributeError:
+ return None
+
+ def is_alive(self):
+ if self.runner:
+ return self.runner.is_running()
+ return False
+
+ def cleanup(self):
+ # mozprofile handles deleting the profile when the refcount reaches 0
+ self.runner = None
+
+
+class OutputHandler(object):
+ def __init__(self, logger, stackfix_dir, symbols_path, asan):
+ """Filter for handling Firefox process output.
+
+ This receives Firefox process output in the __call__ function, does
+ any additional processing that's required, and decides whether to log
+ the output. Because the Firefox process can be started before we know
+ which filters are going to be required, we buffer all output until
+ setup() is called. This is responsible for doing the final configuration
+ of the output handlers.
+ """
+
+ self.logger = logger
+ # These are filled in after setup() is called
+ self.instance = None
+
+ self.symbols_path = symbols_path
+ if stackfix_dir:
+ self.stack_fixer = get_stack_fixer_function(stackfix_dir,
+ self.symbols_path)
+ else:
+ self.stack_fixer = None
+ self.asan = asan
+
+ self.lsan_handler = None
+ self.mozleak_allowed = None
+ self.mozleak_thresholds = None
+ self.group_metadata = {}
+
+ self.line_buffer = []
+ self.setup_ran = False
+
+ def setup(self, instance=None, group_metadata=None, lsan_allowed=None,
+ lsan_max_stack_depth=None, mozleak_allowed=None,
+ mozleak_thresholds=None, **kwargs):
+ """Configure the output handler"""
+ self.instance = instance
+
+ if group_metadata is None:
+ group_metadata = {}
+ self.group_metadata = group_metadata
+
+ self.mozleak_allowed = mozleak_allowed
+ self.mozleak_thresholds = mozleak_thresholds
+
+ if self.asan:
+ self.lsan_handler = mozleak.LSANLeaks(self.logger,
+ scope=group_metadata.get("scope", "/"),
+ allowed=lsan_allowed,
+ maxNumRecordedFrames=lsan_max_stack_depth)
+ else:
+ self.lsan_handler = None
+
+ self.setup_ran = True
+
+ for line in self.line_buffer:
+ self.__call__(line)
+ self.line_buffer = []
+
+ def after_stop(self):
+ self.logger.info("PROCESS LEAKS %s" % self.instance.leak_report_file)
+ if self.lsan_handler:
+ self.lsan_handler.process()
+ if self.instance.leak_report_file is not None:
+ # We have to ignore missing leaks in the tab because it can happen that the
+ # content process crashed and in that case we don't want the test to fail.
+ # Ideally we would record which content process crashed and just skip those.
+ mozleak.process_leak_log(
+ self.instance.leak_report_file,
+ leak_thresholds=self.mozleak_thresholds,
+ ignore_missing_leaks=["tab", "gmplugin"],
+ log=self.logger,
+ stack_fixer=self.stack_fixer,
+ scope=self.group_metadata.get("scope"),
+ allowed=self.mozleak_allowed)
+
+ def __call__(self, line):
+ """Write a line of output from the firefox process to the log"""
+ if "GLib-GObject-CRITICAL" in line:
+ return
+ if line:
+ if not self.setup_ran:
+ self.line_buffer.append(line)
+ return
+ data = line.decode("utf8", "replace")
+ if self.stack_fixer:
+ data = self.stack_fixer(data)
+ if self.lsan_handler:
+ data = self.lsan_handler.log(data)
+ if data is not None:
+ self.logger.process_output(self.instance and
+ self.instance.runner.process_handler and
+ self.instance.runner.process_handler.pid,
+ data,
+ command=" ".join(self.instance.runner.command))
+
+
+class ProfileCreator(object):
+ def __init__(self, logger, prefs_root, config, test_type, extra_prefs, e10s,
+ browser_channel, binary, certutil_binary, ca_certificate_path):
+ self.logger = logger
+ self.prefs_root = prefs_root
+ self.config = config
+ self.test_type = test_type
+ self.extra_prefs = extra_prefs
+ self.e10s = e10s
+ self.browser_channel = browser_channel
+ self.ca_certificate_path = ca_certificate_path
+ self.binary = binary
+ self.certutil_binary = certutil_binary
+ self.ca_certificate_path = ca_certificate_path
+
+ def create(self):
+ """Create a Firefox profile and return the mozprofile Profile object pointing at that
+ profile"""
+ preferences = self._load_prefs()
+
+ profile = FirefoxProfile(preferences=preferences)
+ self._set_required_prefs(profile)
+ if self.ca_certificate_path is not None:
+ self._setup_ssl(profile)
+
+ return profile
+
+ def _load_prefs(self):
prefs = Preferences()
pref_paths = []
@@ -378,87 +561,32 @@ class FirefoxBrowser(Browser):
return prefs()
- def stop(self, force=False):
- if self.runner is not None and self.runner.is_running():
- try:
- # For Firefox we assume that stopping the runner prompts the
- # browser to shut down. This allows the leak log to be written
- for clean, stop_f in [(True, lambda: self.runner.wait(self.shutdown_timeout)),
- (False, lambda: self.runner.stop(signal.SIGTERM)),
- (False, lambda: self.runner.stop(signal.SIGKILL))]:
- if not force or not clean:
- retcode = stop_f()
- if retcode is not None:
- self.logger.info("Browser exited with return code %s" % retcode)
- break
- except OSError:
- # This can happen on Windows if the process is already dead
- pass
- self.process_leaks()
- self.logger.debug("stopped")
+ def _set_required_prefs(self, profile):
+ """Set preferences required for wptrunner to function.
- def process_leaks(self):
- self.logger.info("PROCESS LEAKS %s" % self.leak_report_file)
- if self.lsan_handler:
- self.lsan_handler.process()
- if self.leak_report_file is not None:
- mozleak.process_leak_log(
- self.leak_report_file,
- leak_thresholds=self.mozleak_thresholds,
- ignore_missing_leaks=["gmplugin"],
- log=self.logger,
- stack_fixer=self.stack_fixer,
- scope=self.group_metadata.get("scope"),
- allowed=self.mozleak_allowed
- )
+ Note that this doesn't set the marionette port, since we don't always
+ know that at profile creation time. So the caller is responisble for
+ setting that once it's available."""
+ profile.set_preferences({
+ "network.dns.localDomains": ",".join(self.config.domains_set),
+ "dom.file.createInChild": True,
+ # TODO: Remove preferences once Firefox 64 is stable (Bug 905404)
+ "network.proxy.type": 0,
+ "places.history.enabled": False,
+ "network.preload": True,
+ })
+ if self.e10s:
+ profile.set_preferences({"browser.tabs.remote.autostart": True})
- def pid(self):
- if self.runner.process_handler is None:
- return None
+ if self.test_type == "reftest":
+ profile.set_preferences({"layout.interruptible-reflow.enabled": False})
- try:
- return self.runner.process_handler.pid
- except AttributeError:
- return None
+ # Bug 1262954: winxp + e10s, disable hwaccel
+ if (self.e10s and platform.system() in ("Windows", "Microsoft") and
+ "5.1" in platform.version()):
+ self.profile.set_preferences({"layers.acceleration.disabled": True})
- def on_output(self, line):
- """Write a line of output from the firefox process to the log"""
- if "GLib-GObject-CRITICAL" in line:
- return
- if line:
- data = line.decode("utf8", "replace")
- if self.stack_fixer:
- data = self.stack_fixer(data)
- if self.lsan_handler:
- data = self.lsan_handler.log(data)
- if data is not None:
- self.logger.process_output(self.pid(),
- data,
- command=" ".join(self.runner.command))
-
- def is_alive(self):
- if self.runner:
- return self.runner.is_running()
- return False
-
- def cleanup(self, force=False):
- self.stop(force)
-
- def executor_browser(self):
- assert self.marionette_port is not None
- return ExecutorBrowser, {"marionette_port": self.marionette_port}
-
- def check_crash(self, process, test):
- dump_dir = os.path.join(self.profile.profile, "minidumps")
-
- return bool(mozcrash.log_crashes(self.logger,
- dump_dir,
- symbols_path=self.symbols_path,
- stackwalk_binary=self.stackwalk_binary,
- process=process,
- test=test))
-
- def setup_ssl(self):
+ def _setup_ssl(self, profile):
"""Create a certificate database to use in the test profile. This is configured
to trust the CA Certificate that has signed the web-platform.test server
certificate."""
@@ -493,12 +621,12 @@ class FirefoxBrowser(Browser):
stderr=subprocess.STDOUT),
" ".join(cmd))
- pw_path = os.path.join(self.profile.profile, ".crtdbpw")
+ pw_path = os.path.join(profile.profile, ".crtdbpw")
with open(pw_path, "w") as f:
# Use empty password for certificate db
f.write("\n")
- cert_db_path = self.profile.profile
+ cert_db_path = profile.profile
# Create a new certificate db
certutil("-N", "-d", cert_db_path, "-f", pw_path)
@@ -509,3 +637,104 @@ class FirefoxBrowser(Browser):
# List all certs in the database
certutil("-L", "-d", cert_db_path)
+
+
+
+class FirefoxBrowser(Browser):
+ init_timeout = 70
+
+ def __init__(self, logger, binary, prefs_root, test_type, extra_prefs=None, debug_info=None,
+ symbols_path=None, stackwalk_binary=None, certutil_binary=None,
+ ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None,
+ binary_args=None, timeout_multiplier=None, leak_check=False, asan=False,
+ stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly",
+ headless=None, preload_browser=False, **kwargs):
+ Browser.__init__(self, logger)
+
+ self.logger = logger
+
+ if timeout_multiplier:
+ self.init_timeout = self.init_timeout * timeout_multiplier
+
+ self.instance = None
+
+ self.stackfix_dir = stackfix_dir
+ self.symbols_path = symbols_path
+ self.stackwalk_binary = stackwalk_binary
+
+ self.asan = asan
+ self.leak_check = leak_check
+
+ profile_creator = ProfileCreator(logger,
+ prefs_root,
+ config,
+ test_type,
+ extra_prefs,
+ e10s,
+ browser_channel,
+ binary,
+ certutil_binary,
+ ca_certificate_path)
+
+ if preload_browser:
+ instance_manager_cls = PreloadInstanceManager
+ else:
+ instance_manager_cls = SingleInstanceManager
+ self.instance_manager = instance_manager_cls(logger,
+ binary,
+ binary_args,
+ profile_creator,
+ debug_info,
+ chaos_mode_flags,
+ headless,
+ enable_webrender,
+ stylo_threads,
+ leak_check,
+ stackfix_dir,
+ symbols_path,
+ asan)
+
+
+ def settings(self, test):
+ return {"check_leaks": self.leak_check and not test.leaks,
+ "lsan_allowed": test.lsan_allowed,
+ "lsan_max_stack_depth": test.lsan_max_stack_depth,
+ "mozleak_allowed": self.leak_check and test.mozleak_allowed,
+ "mozleak_thresholds": self.leak_check and test.mozleak_threshold}
+
+ def start(self, group_metadata=None, **kwargs):
+ self.instance = self.instance_manager.get()
+ self.instance.output_handler.setup(self.instance,
+ group_metadata,
+ **kwargs)
+
+ def stop(self, force=False):
+ self.instance_manager.stop_current(force)
+ self.logger.debug("stopped")
+
+ def pid(self):
+ return self.instance.pid()
+
+ def is_alive(self):
+ return self.instance and self.instance.is_alive()
+
+ def cleanup(self, force=False):
+ self.instance_manager.teardown(force)
+
+ def executor_browser(self):
+ assert self.instance is not None
+ return ExecutorBrowser, {"marionette_port": self.instance.marionette_port}
+
+ def check_crash(self, process, test):
+ dump_dir = os.path.join(self.instance.runner.profile.profile, "minidumps")
+
+ try:
+ return bool(mozcrash.log_crashes(self.logger,
+ dump_dir,
+ symbols_path=self.symbols_path,
+ stackwalk_binary=self.stackwalk_binary,
+ process=process,
+ test=test))
+ except IOError:
+ self.logger.warning("Looking for crash dump files failed")
+ return False
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py
index 0b4832f858c..50f8504f8e0 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/browsers/firefox_android.py
@@ -1,7 +1,6 @@
import os
import moznetwork
-from mozprofile import FirefoxProfile
from mozrunner import FennecEmulatorRunner
from .base import (get_free_port,
@@ -11,11 +10,13 @@ from ..executors.executormarionette import (MarionetteTestharnessExecutor, # no
MarionetteRefTestExecutor, # noqa: F401
MarionetteCrashtestExecutor) # noqa: F401
from ..process import cast_env
+from .base import (Browser,
+ ExecutorBrowser)
from .firefox import (get_timeout_multiplier, # noqa: F401
run_info_extras as fx_run_info_extras,
update_properties, # noqa: F401
executor_kwargs, # noqa: F401
- FirefoxBrowser) # noqa: F401
+ ProfileCreator as FirefoxProfileCreator)
__wptrunner__ = {"product": "firefox_android",
@@ -84,40 +85,15 @@ def env_options():
"supports_debugger": True}
-class FirefoxAndroidBrowser(FirefoxBrowser):
- init_timeout = 300
- shutdown_timeout = 60
+class ProfileCreator(FirefoxProfileCreator):
+ def __init__(self, logger, prefs_root, config, test_type, extra_prefs, e10s,
+ browser_channel, certutil_binary, ca_certificate_path):
+ super(ProfileCreator, self).__init__(logger, prefs_root, config, test_type, extra_prefs,
+ e10s, browser_channel, None, certutil_binary,
+ ca_certificate_path)
- def __init__(self, logger, prefs_root, test_type, package_name="org.mozilla.geckoview.test",
- device_serial="emulator-5444", **kwargs):
- FirefoxBrowser.__init__(self, logger, None, prefs_root, test_type, **kwargs)
- self.package_name = package_name
- self.device_serial = device_serial
- self.tests_root = kwargs["tests_root"]
- self.install_fonts = kwargs["install_fonts"]
- self.stackwalk_binary = kwargs["stackwalk_binary"]
-
- def start(self, **kwargs):
- if self.marionette_port is None:
- self.marionette_port = get_free_port()
-
- env = {}
- env["MOZ_CRASHREPORTER"] = "1"
- env["MOZ_CRASHREPORTER_SHUTDOWN"] = "1"
- env["MOZ_DISABLE_NONLOCAL_CONNECTIONS"] = "1"
- env["STYLO_THREADS"] = str(self.stylo_threads)
- if self.chaos_mode_flags is not None:
- env["MOZ_CHAOSMODE"] = str(self.chaos_mode_flags)
- if self.enable_webrender:
- env["MOZ_WEBRENDER"] = "1"
- else:
- env["MOZ_WEBRENDER"] = "0"
-
- preferences = self.load_prefs()
-
- self.profile = FirefoxProfile(preferences=preferences)
- self.profile.set_preferences({
- "marionette.port": self.marionette_port,
+ def _set_required_prefs(self, profile):
+ profile.set_preferences({
"network.dns.localDomains": ",".join(self.config.domains_set),
"dom.disable_open_during_load": False,
"places.history.enabled": False,
@@ -126,11 +102,11 @@ class FirefoxAndroidBrowser(FirefoxBrowser):
})
if self.e10s:
- self.profile.set_preferences({"browser.tabs.remote.autostart": True})
+ profile.set_preferences({"browser.tabs.remote.autostart": True})
if self.test_type == "reftest":
self.logger.info("Setting android reftest preferences")
- self.profile.set_preferences({
+ profile.set_preferences({
"browser.viewport.desktopWidth": 800,
# Disable high DPI
"layout.css.devPixelsPerPx": "1.0",
@@ -142,6 +118,72 @@ class FirefoxAndroidBrowser(FirefoxBrowser):
"layout.testing.overlay-scrollbars.always-visible": True,
})
+
+
+class FirefoxAndroidBrowser(Browser):
+ init_timeout = 300
+ shutdown_timeout = 60
+
+ def __init__(self, logger, prefs_root, test_type, package_name="org.mozilla.geckoview.test",
+ device_serial="emulator-5444", extra_prefs=None, debug_info=None,
+ symbols_path=None, stackwalk_binary=None, certutil_binary=None,
+ ca_certificate_path=None, e10s=False, enable_webrender=False, stackfix_dir=None,
+ binary_args=None, timeout_multiplier=None, leak_check=False, asan=False,
+ stylo_threads=1, chaos_mode_flags=None, config=None, browser_channel="nightly",
+ install_fonts=False, tests_root=None, **kwargs):
+
+ super(FirefoxAndroidBrowser, self).__init__(logger)
+ self.prefs_root = prefs_root
+ self.test_type = test_type
+ self.package_name = package_name
+ self.device_serial = device_serial
+ self.debug_info = debug_info
+ self.symbols_path = symbols_path
+ self.stackwalk_binary = stackwalk_binary
+ self.certutil_binary = certutil_binary
+ self.ca_certificate_path = ca_certificate_path
+ self.e10s = e10s
+ self.enable_webrender = enable_webrender
+ self.stackfix_dir = stackfix_dir
+ self.binary_args = binary_args
+ self.timeout_multiplier = timeout_multiplier
+ self.leak_check = leak_check
+ self.asan = asan
+ self.stylo_threads = stylo_threads
+ self.chaos_mode_flags = chaos_mode_flags
+ self.config = config
+ self.browser_channel = browser_channel
+ self.install_fonts = install_fonts
+ self.tests_root = tests_root
+
+ self.profile_creator = ProfileCreator(logger,
+ prefs_root,
+ config,
+ test_type,
+ extra_prefs,
+ e10s,
+ browser_channel,
+ certutil_binary,
+ ca_certificate_path)
+
+ self.marionette_port = None
+ self.profile = None
+ self.runner = None
+
+ def settings(self, test):
+ return {"check_leaks": self.leak_check and not test.leaks,
+ "lsan_allowed": test.lsan_allowed,
+ "lsan_max_stack_depth": test.lsan_max_stack_depth,
+ "mozleak_allowed": self.leak_check and test.mozleak_allowed,
+ "mozleak_thresholds": self.leak_check and test.mozleak_threshold}
+
+ def start(self, **kwargs):
+ if self.marionette_port is None:
+ self.marionette_port = get_free_port()
+
+ self.profile = self.profile_creator.create()
+ self.profile.set_preferences({"marionette.port": self.marionette_port})
+
if self.install_fonts:
self.logger.debug("Copying Ahem font to profile")
font_dir = os.path.join(self.profile.profile, "fonts")
@@ -153,14 +195,23 @@ class FirefoxAndroidBrowser(FirefoxBrowser):
self.leak_report_file = None
- if self.ca_certificate_path is not None:
- self.setup_ssl()
-
debug_args, cmd = browser_command(self.package_name,
self.binary_args if self.binary_args else [] +
[cmd_arg("marionette"), "about:blank"],
self.debug_info)
+ env = {}
+ env["MOZ_CRASHREPORTER"] = "1"
+ env["MOZ_CRASHREPORTER_SHUTDOWN"] = "1"
+ env["MOZ_DISABLE_NONLOCAL_CONNECTIONS"] = "1"
+ env["STYLO_THREADS"] = str(self.stylo_threads)
+ if self.chaos_mode_flags is not None:
+ env["MOZ_CHAOSMODE"] = str(self.chaos_mode_flags)
+ if self.enable_webrender:
+ env["MOZ_WEBRENDER"] = "1"
+ else:
+ env["MOZ_WEBRENDER"] = "0"
+
self.runner = FennecEmulatorRunner(app=self.package_name,
profile=self.profile,
cmdargs=cmd[1:],
@@ -203,6 +254,26 @@ class FirefoxAndroidBrowser(FirefoxBrowser):
self.runner.stop()
self.logger.debug("stopped")
+ def pid(self):
+ if self.runner.process_handler is None:
+ return None
+
+ try:
+ return self.runner.process_handler.pid
+ except AttributeError:
+ return None
+
+ def is_alive(self):
+ if self.runner:
+ return self.runner.is_running()
+ return False
+
+ def cleanup(self, force=False):
+ self.stop(force)
+
+ def executor_browser(self):
+ return ExecutorBrowser, {"marionette_port": self.marionette_port}
+
def check_crash(self, process, test):
if not os.environ.get("MINIDUMP_STACKWALK", "") and self.stackwalk_binary:
os.environ["MINIDUMP_STACKWALK"] = self.stackwalk_binary
diff --git a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py
index 59a8c55b4ef..8125700b4bf 100644
--- a/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py
+++ b/tests/wpt/web-platform-tests/tools/wptrunner/wptrunner/wptcommandline.py
@@ -263,6 +263,10 @@ scheme host and port.""")
gecko_group = parser.add_argument_group("Gecko-specific")
gecko_group.add_argument("--prefs-root", dest="prefs_root", action="store", type=abs_path,
help="Path to the folder containing browser prefs")
+ gecko_group.add_argument("--preload-browser", dest="preload_browser", action="store_true",
+ default=None, help="Preload a gecko instance for faster restarts")
+ gecko_group.add_argument("--no-preload-browser", dest="preload_browser", action="store_false",
+ default=None, help="Don't preload a gecko instance for faster restarts")
gecko_group.add_argument("--disable-e10s", dest="gecko_e10s", action="store_false", default=True,
help="Run tests without electrolysis preferences")
gecko_group.add_argument("--enable-webrender", dest="enable_webrender", action="store_true", default=None,
@@ -558,6 +562,10 @@ def check_args(kwargs):
if kwargs["enable_webrender"] is None:
kwargs["enable_webrender"] = False
+ if kwargs["preload_browser"] is None:
+ # Default to preloading a gecko instance if we're only running a single process
+ kwargs["preload_browser"] = kwargs["processes"] == 1
+
return kwargs
diff --git a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
index 56f62952213..651bf0a7199 100644
--- a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
+++ b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for-report-only.tentative.https.html
@@ -14,9 +14,9 @@
testCases.forEach(c => {
const name = `${c[0]}.${c[1]} `;
test(t => {
- s = document.createElement("script");
- s.innerText = "1";
- assert_equals("1", s.innerText.toString());
+ s = document.createElement(c[0]);
+ s[c[1]] = "https://example.com/";
+ assert_equals("https://example.com/", s[c[1]].toString());
}, name + "without trusted types");
});
@@ -41,4 +41,4 @@
assert_equals(s.innerText.toString(), "1");
}, name + "empty default");
});
-</script>
\ No newline at end of file
+</script>
diff --git a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html
index 3630962ada9..651bf0a7199 100644
--- a/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html
+++ b/tests/wpt/web-platform-tests/trusted-types/no-require-trusted-types-for.tentative.https.html
@@ -14,9 +14,9 @@
testCases.forEach(c => {
const name = `${c[0]}.${c[1]} `;
test(t => {
- s = document.createElement("script");
- s.innerText = "1";
- assert_equals("1", s.innerText.toString());
+ s = document.createElement(c[0]);
+ s[c[1]] = "https://example.com/";
+ assert_equals("https://example.com/", s[c[1]].toString());
}, name + "without trusted types");
});
diff --git a/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html
new file mode 100644
index 00000000000..46dae7a9661
--- /dev/null
+++ b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<head>
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <meta http-equiv="Content-Security-Policy" content="require-trusted-types-for 'script'">
+</head>
+<body>
+<script>
+ const testCases = [
+ ["script", "src"],
+ ["div", "innerHTML"],
+ ["script", "text"],
+ ];
+
+ testCases.forEach(c => {
+ const name = `${c[0]}.${c[1]} `;
+ test(t => {
+ s = document.createElement(c[0]);
+ s[c[1]] = "https://example.com/";
+ assert_equals("https://example.com/", s[c[1]].toString());
+ }, name + "without trusted types is not blocked by require-trusted-types-for on non-secure pages");
+ });
+</script>
+</body>
diff --git a/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers
new file mode 100644
index 00000000000..af6596b29a8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/trusted-types/nonsecure-require-trusted-types-for.tentative.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: require-trusted-types-for 'script'
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..61b877179b5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..cf33de98270
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..d8cb3879821
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..f6f20b961c9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..ed733b37443
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..123082b69d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..72bd9333c18
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..dcbf07f7ce1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..bdc7fb2c459
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..8f18e37f154
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..a43a3168398
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..c060ae2f6d3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..30bea818628
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..a6d639790b4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-classic.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..1369927f37e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..f33ac5c4577
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..305446297d5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..c2db82d541c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..683d3683aed
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..9f7061ed66c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..845eea6de9f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..c982b10aa5e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..24dc6fcd00c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..1eaa99de10a
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..dd536795ab6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..1d24f759d31
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..0433b4e6f77
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..854197395df
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/sharedworker-module.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "sharedworker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..6343f36cb31
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..577b857caf5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..e05cc38d22f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..5353e644b5e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..eddd8cb2d39
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..0f1e15c0900
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..2aba803e47e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..f60d181f433
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..42ed603827e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..7a20a8e3fd2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..5a958a08cb6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..2c1fb202a49
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..9f82d377780
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..72efc132acd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..ff1bcf3810b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..41ef5301d9d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..88ae7c1ba97
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..4846c1b74bd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..5ac1a65b163
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..72c31fad4ba
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..d9755caa893
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..6b817746c5e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..cb5ceb285c0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..a4f8fa016d4
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..c7bd3df7c33
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..e75a0162cdc
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..3a65178ee2f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..bd36ad5e61d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..68248b66d28
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..151e3968407
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..6fdc1411389
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..f168e1ea28b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..3e42f056f58
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..02723eae64b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..8a7fe50d953
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..36b2828c4ad
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..b89fdb90566
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..f90e276e338
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..7cd85dcb51f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..9549a31e854
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/unset/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..3a45df5b10b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..b7817aab76c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..bbe8f0556d9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..322d17cffc2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..06149273ccd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..268ceb2a1c3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..43180322e4f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..22a41d20731
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..91efc3fe62e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..e33fe74f66f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..33ce6b6ec99
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..33faa24d050
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..cc4c777cebf
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..f955230b051
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..ab564874fef
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..71b5ca048aa
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..e8a08fc0cd8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..6125ad0c854
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..9cf1a16672d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..b3e64a982b6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-classic-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-classic"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..da211f791b3
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..5168cfed44b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..4323601eac1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/cross-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..f29fa9df397
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..9a7dce98896
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..75268315985
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/fetch/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..be9a3489fa1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..0f7e54ed5b8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/websocket/same-ws-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..707fffa985c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..f3e96e7eef8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..3bd618a1318
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-classic/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..3b13bd0ffb1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..f5bd175493f
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..1a410c337ad
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/worker-module/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..d4c52592813
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..4378941e87b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..b278d26aee1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/cross-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..3220dbc607e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..5b345af1fb8
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-http-downgrade.no-redirect.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..0b0ed68401b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
new file mode 100644
index 00000000000..602d9dc38d0
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.http-rp/upgrade/xhr/same-https.downgrade.https.html.headers
@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..112fae83b06
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..b3995f33285
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..643d7d22451
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..5c7db8f9995
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..fc1f4c44f87
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..bfad8ce5824
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/fetch/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for fetch to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..5b286c2c85d
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..b257b62b377
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..41edcee9134
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..c8f80ea5f8e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..e62b99cfe0c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-classic to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..9ae603af956
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..fa6db2386ff
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..67db42fbaf7
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for worker-module to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..fd8f1d45ccd
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..79a1cc703c9
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..9d851b1cbe6
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to cross-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..c5fd0128ae1
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..f3d42434214
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..d220e187293
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/unset/xhr/same-https.downgrade.https.html
@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: No upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="No upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects blocked for xhr to same-https origin and downgrade redirection from https context.">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "blocked",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [
+ {
+ "deliveryType": "http-rp",
+ "key": "upgradeInsecureRequests",
+ "value": "upgrade"
+ }
+ ],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..fe3315e93c5
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..2b116132a69
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..218fe6ea34c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..940801d887c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..7cf5065260c
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
new file mode 100644
index 00000000000..4074faa3ef2
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/fetch/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "fetch",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..10244a37560
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/cross-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to cross-ws-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..87fc5f47dfa
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/websocket/same-ws-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for websocket to same-ws-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-ws-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "websocket",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..47530942a20
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..b663ecb63ef
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
new file mode 100644
index 00000000000..c9a3b86de32
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-classic/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-classic",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..f6845c74475
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..15b88d596ae
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
new file mode 100644
index 00000000000..ee73df98a2e
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/worker-module/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "worker-module",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..496e66122cf
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..97f71307056
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
new file mode 100644
index 00000000000..3b9fa3d655b
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/cross-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "cross-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
new file mode 100644
index 00000000000..3e1d82ab639
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
new file mode 100644
index 00000000000..8990d9e9515
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-http-downgrade.no-redirect.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-http-downgrade",
+ "redirection": "no-redirect",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
new file mode 100644
index 00000000000..cb7f651df88
--- /dev/null
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/gen/worker-module-inherit.meta/upgrade/xhr/same-https.downgrade.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec upgrade-insecure-requests/` -->
+<html>
+ <head>
+ <title>Upgrade-Insecure-Requests: With upgrade-insecure-request</title>
+ <meta charset='utf-8'>
+ <meta name="description" content="With upgrade-insecure-request">
+ <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+ <link rel="help" href="https://w3c.github.io/webappsec-upgrade-insecure-requests/">
+ <meta name="assert" content="Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.">
+ <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/common/security-features/resources/common.sub.js"></script>
+ <script src="../../../../generic/test-case.sub.js"></script>
+ </head>
+ <body>
+ <script>
+ TestCase(
+ {
+ "expectation": "allowed",
+ "origin": "same-https",
+ "redirection": "downgrade",
+ "source_context_list": [
+ {
+ "policyDeliveries": [],
+ "sourceContextType": "worker-module"
+ }
+ ],
+ "source_scheme": "https",
+ "subresource": "xhr",
+ "subresource_policy_deliveries": []
+ },
+ document.querySelector("meta[name=assert]").content,
+ new SanityChecker()
+ ).start();
+ </script>
+ <div id="log"></div>
+ </body>
+</html>
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js b/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js
index c0ef9714895..fa9ace46dcb 100644
--- a/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/generic/spec_json.js
@@ -1 +1 @@
-var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Omit secure requests", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}, {"name": "For inheriting tests skip http-rp because we already have <meta> tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["srcdoc-inherit", "iframe-blank-inherit", "worker-classic-data"], "delivery_type": "http-rp", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc", "iframe", "worker-classic", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "video-tag"], "origin": "*", "expectation": "*"}, {"name": "origins that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "origin": ["same-http", "cross-http", "same-ws", "cross-ws"], "subresource": "*", "expectation": "*"}, {"name": "redirections that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-data", "worker-module", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "upgrade"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Upgrade-Insecure-Requests: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Upgrade-Insecure-Requests: %(title)s", "specification": [{"name": "No upgrade-insecure-request", "title": "No upgrade-insecure-request", "description": "No upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "Without upgrade-insecure-request, all requests are blocked ...", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "blocked"}, {"name": "... except for the secure requests listed here", "expansion": "override", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}]}, {"name": "With upgrade-insecure-request", "title": "With upgrade-insecure-request", "description": "With upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "With upgrade-insecure-request, all insecure requests are upgraded and allowed.", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "upgrade", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "allowed"}]}], "delivery_key": "upgradeInsecureRequests", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}};
+var SPEC_JSON = {"selection_pattern": "%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s", "test_file_path_pattern": "gen/%(source_context_list)s.%(delivery_type)s/%(delivery_value)s/%(subresource)s/%(origin)s.%(redirection)s.%(source_scheme)s.html", "excluded_tests": [{"name": "Workers are same-origin only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": ["cross-https", "cross-http", "cross-http-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Workers are same-origin only (redirects)", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["swap-origin", "swap-scheme"], "subresource": ["worker-classic", "worker-module", "sharedworker-classic", "sharedworker-module"], "origin": "*", "expectation": "*"}, {"name": "Websockets are ws/wss-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "websocket", "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade"], "expectation": "*"}, {"name": "Websockets are no-redirect only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "subresource": "websocket", "origin": "*", "expectation": "*"}, {"name": "ws/wss are websocket-only", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["area-tag", "a-tag", "fetch", "iframe-tag", "img-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "origin": ["same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "expectation": "*"}, {"name": "Omit secure requests", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}, {"name": "For inheriting tests skip http-rp because we already have <meta> tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["srcdoc-inherit", "iframe-blank-inherit", "worker-classic-data"], "delivery_type": "http-rp", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": ["req", "srcdoc", "iframe", "worker-module-data", "sharedworker-classic-data", "sharedworker-module-data"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "source_context_list values not for CSP tests", "expansion": "*", "source_scheme": "*", "source_context_list": ["worker-classic", "worker-module"], "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "*"}, {"name": "subresource values not yet tested", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "video-tag"], "origin": "*", "expectation": "*"}, {"name": "origins that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": "*", "origin": ["same-http", "cross-http", "same-ws", "cross-ws"], "subresource": "*", "expectation": "*"}, {"name": "redirections that upgrade-insecure-requests tests don't care", "expansion": "*", "source_scheme": "*", "source_context_list": "*", "delivery_type": "*", "delivery_value": "*", "redirection": ["keep-origin", "swap-origin", "keep-scheme", "swap-scheme"], "origin": "*", "subresource": "*", "expectation": "*"}], "source_context_schema": {"supported_subresource": {"top": "*", "iframe": "*", "iframe-blank": "*", "srcdoc": "*", "worker-classic": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-module": ["xhr", "fetch", "websocket", "worker-classic", "worker-module"], "worker-classic-data": ["xhr", "fetch", "websocket"], "worker-module-data": ["xhr", "fetch", "websocket"], "sharedworker-classic": ["xhr", "fetch", "websocket"], "sharedworker-module": ["xhr", "fetch", "websocket"], "sharedworker-classic-data": ["xhr", "fetch", "websocket"], "sharedworker-module-data": ["xhr", "fetch", "websocket"]}, "supported_delivery_type": {"top": ["http-rp", "meta"], "iframe": ["http-rp", "meta"], "iframe-blank": ["meta"], "srcdoc": ["meta"], "worker-classic": ["http-rp"], "worker-module": ["http-rp"], "worker-classic-data": [], "worker-module-data": [], "sharedworker-classic": ["http-rp"], "sharedworker-module": ["http-rp"], "sharedworker-classic-data": [], "sharedworker-module-data": []}}, "source_context_list_schema": {"top": {"description": "Policy set by the top-level Document", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "req": {"description": "Subresource request's policy should override Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": ["nonNullPolicy"]}, "srcdoc-inherit": {"description": "srcdoc iframe without its own policy should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "srcdoc"}], "subresourcePolicyDeliveries": []}, "srcdoc": {"description": "srcdoc iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "srcdoc", "policyDeliveries": ["nonNullPolicy"]}], "subresourcePolicyDeliveries": []}, "iframe": {"description": "external iframe's policy should override parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "iframe", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "iframe-blank-inherit": {"description": "blank iframe should inherit parent Document's policy", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "iframe-blank"}], "subresourcePolicyDeliveries": []}, "worker-classic": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-classic-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "worker-module": {"description": "dedicated workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "worker-module-inherit": {"description": "dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module", "policyDeliveries": ["anotherPolicy"]}], "subresourcePolicyDeliveries": []}, "worker-module-data": {"description": "data: dedicated workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "worker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-classic": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-classic", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-classic-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-classic-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}, "sharedworker-module": {"description": "shared workers shouldn't inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["anotherPolicy"]}, {"sourceContextType": "sharedworker-module", "policyDeliveries": ["policy"]}], "subresourcePolicyDeliveries": []}, "sharedworker-module-data": {"description": "data: shared workers should inherit its parent's policy.", "sourceContextList": [{"sourceContextType": "top", "policyDeliveries": ["policy"]}, {"sourceContextType": "sharedworker-module-data", "policyDeliveries": []}], "subresourcePolicyDeliveries": []}}, "test_expansion_schema": {"expansion": ["default", "override"], "source_scheme": ["http", "https"], "source_context_list": ["top", "req", "srcdoc-inherit", "srcdoc", "iframe", "iframe-blank-inherit", "worker-classic", "worker-classic-inherit", "worker-classic-data", "worker-module", "worker-module-inherit", "worker-module-data", "sharedworker-classic", "sharedworker-classic-data", "sharedworker-module", "sharedworker-module-data"], "redirection": ["no-redirect", "keep-origin", "swap-origin", "keep-scheme", "swap-scheme", "downgrade"], "origin": ["same-https", "same-http", "same-http-downgrade", "cross-https", "cross-http", "cross-http-downgrade", "same-wss", "same-ws", "same-ws-downgrade", "cross-wss", "cross-ws", "cross-ws-downgrade"], "subresource": ["a-tag", "area-tag", "audio-tag", "beacon", "fetch", "iframe-tag", "img-tag", "link-css-tag", "link-prefetch-tag", "object-tag", "picture-tag", "script-tag", "sharedworker-classic", "sharedworker-import-data", "sharedworker-module", "video-tag", "websocket", "worker-classic", "worker-import-data", "worker-module", "worklet-animation", "worklet-animation-import-data", "worklet-audio", "worklet-audio-import-data", "worklet-layout", "worklet-layout-import-data", "worklet-paint", "worklet-paint-import-data", "xhr"], "delivery_type": ["http-rp", "meta"], "delivery_value": [null, "upgrade"], "expectation": ["allowed", "blocked"]}, "test_description_template": "Upgrade-Insecure-Requests: Expects %(expectation)s for %(subresource)s to %(origin)s origin and %(redirection)s redirection from %(source_scheme)s context.", "test_page_title_template": "Upgrade-Insecure-Requests: %(title)s", "specification": [{"name": "No upgrade-insecure-request", "title": "No upgrade-insecure-request", "description": "No upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "Without upgrade-insecure-request, all requests are blocked ...", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "*", "subresource": "*", "origin": "*", "expectation": "blocked"}, {"name": "... except for the secure requests listed here", "expansion": "override", "source_scheme": "https", "source_context_list": "*", "delivery_type": "meta", "delivery_value": null, "redirection": "no-redirect", "subresource": "*", "origin": ["same-https", "cross-https", "same-wss", "cross-wss"], "expectation": "allowed"}]}, {"name": "With upgrade-insecure-request", "title": "With upgrade-insecure-request", "description": "With upgrade-insecure-request", "specification_url": "https://w3c.github.io/webappsec-upgrade-insecure-requests/", "test_expansion": [{"name": "With upgrade-insecure-request, all insecure requests are upgraded and allowed.", "expansion": "default", "source_scheme": "https", "source_context_list": "*", "delivery_type": "*", "delivery_value": "upgrade", "redirection": "*", "subresource": "*", "origin": "*", "expectation": "allowed"}]}], "delivery_key": "upgradeInsecureRequests", "subresource_schema": {"supported_delivery_type": {"a-tag": [], "area-tag": [], "audio-tag": [], "beacon": [], "fetch": [], "iframe-tag": [], "img-tag": [], "link-css-tag": [], "link-prefetch-tag": [], "object-tag": [], "picture-tag": [], "script-tag": [], "sharedworker-classic": [], "sharedworker-import-data": [], "sharedworker-module": [], "video-tag": [], "websocket": [], "worker-classic": [], "worker-import-data": [], "worker-module": [], "worklet-animation": [], "worklet-animation-import-data": [], "worklet-audio": [], "worklet-audio-import-data": [], "worklet-layout": [], "worklet-layout-import-data": [], "worklet-paint": [], "worklet-paint-import-data": [], "xhr": []}}};
diff --git a/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json b/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json
index d64315903aa..f5198c31897 100644
--- a/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json
+++ b/tests/wpt/web-platform-tests/upgrade-insecure-requests/spec.src.json
@@ -103,8 +103,6 @@
"req",
"srcdoc",
"iframe",
- "worker-classic",
- "worker-module",
"worker-module-data",
"sharedworker-classic-data",
"sharedworker-module-data"
@@ -116,6 +114,21 @@
"origin": "*",
"expectation": "*"
},
+ {
+ "name": "source_context_list values not for CSP tests",
+ "expansion": "*",
+ "source_scheme": "*",
+ "source_context_list": [
+ "worker-classic",
+ "worker-module"
+ ],
+ "delivery_type": "*",
+ "delivery_value": "*",
+ "redirection": "*",
+ "subresource": "*",
+ "origin": "*",
+ "expectation": "*"
+ },
{
"name": "subresource values not yet tested",
"expansion": "*",
diff --git a/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html b/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html
index bfe351250ff..00e68b42962 100644
--- a/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html
+++ b/tests/wpt/web-platform-tests/web-animations/interfaces/Animatable/animate.html
@@ -317,15 +317,17 @@ test(t => {
for (const pseudo of [
'',
'before',
+ ':abc',
'::abc',
'::placeholder',
]) {
test(t => {
const div = createDiv(t);
- assert_throws_js(TypeError, () => {
+ assert_throws_dom("SyntaxError", () => {
div.animate(null, {pseudoElement: pseudo});
});
- }, `animate() with the invalid pseudoElement '${pseudo}' throws a TypeError`);
+ }, `animate() with a non-null invalid pseudoElement '${pseudo}' throws a ` +
+ `SyntaxError`);
}
</script>
diff --git a/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html b/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html
index 6951682c4d8..30b2ee6f0c8 100644
--- a/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html
+++ b/tests/wpt/web-platform-tests/web-animations/interfaces/KeyframeEffect/target.html
@@ -251,14 +251,15 @@ for (const hasContent of [true, false]){
for (const pseudo of [
'',
'before',
+ ':abc',
'::abc',
'::placeholder',
]) {
test(t => {
const effect = new KeyframeEffect(null, gKeyFrames, 100 * MS_PER_SEC);
- assert_throws_js(TypeError, () => effect.pseudoElement = pseudo );
- }, `Changing pseudoElement to invalid pseudo-selector '${pseudo}' throws a ` +
- `TypeError`);
+ assert_throws_dom("SyntaxError", () => effect.pseudoElement = pseudo );
+ }, `Changing pseudoElement to a non-null invalid pseudo-selector ` +
+ `'${pseudo}' throws a SyntaxError`);
}
</script>
diff --git a/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html b/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html
deleted file mode 100644
index 74f816bf3fc..00000000000
--- a/tests/wpt/web-platform-tests/webrtc/RTCPeerConnection-close.html
+++ /dev/null
@@ -1,18 +0,0 @@
-<!doctype html>
-<meta charset=utf-8>
-<title>RTCPeerConnection.prototype.close</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script>
-'use strict';
-
- promise_test(async t => {
- const pc = new RTCPeerConnection();
- t.add_cleanup(() => pc.close());
-
- pc.onsignalingstatechange = t.unreached_func();
- pc.close();
- assert_true(pc.signalingState === 'closed');
- await new Promise(r => t.step_timeout(r, 100));
- }, 'RTCPeerConnection.close() does not fire signalingstatechange event.');
-</script>
diff --git a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html
new file mode 100644
index 00000000000..b13d69a0d84
--- /dev/null
+++ b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_inputSources.https.html
@@ -0,0 +1,171 @@
+<!DOCTYPE html>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="../resources/webxr_util.js"></script>
+<script src="../resources/webxr_test_asserts.js"></script>
+<script src="../resources/webxr_test_constants.js"></script>
+<script src="../resources/webxr_test_constants_fake_world.js"></script>
+<canvas />
+
+<script>
+
+// 1m above world origin.
+const VIEWER_ORIGIN_TRANSFORM = {
+ position: [0, 1, 0],
+ orientation: [0, 0, 0, 1],
+};
+
+// 0.25m above world origin.
+const FLOOR_ORIGIN_TRANSFORM = {
+ position: [0, -0.25, 0],
+ orientation: [0, 0, 0, 1],
+};
+
+const SCREEN_POINTER_TRANSFORM = {
+ position: [0, 0, 0], // middle of the screen
+ orientation: [0, 0, 0, 1] // forward-facing
+};
+
+const screen_controller_init = {
+ handedness: "none",
+ targetRayMode: "screen",
+ pointerOrigin: SCREEN_POINTER_TRANSFORM, // aka input_from_pointer
+ profiles: ["generic-touchscreen",]
+};
+
+const fakeDeviceInitParams = {
+ supportedModes: ["immersive-ar"],
+ views: VALID_VIEWS,
+ floorOrigin: FLOOR_ORIGIN_TRANSFORM, // aka floor_from_mojo
+ viewerOrigin: VIEWER_ORIGIN_TRANSFORM, // aka mojo_from_viewer
+ supportedFeatures: ALL_FEATURES,
+ world: createFakeWorld(5.0, 2.0, 5.0), // see webxr_test_constants_fake_world.js for details
+};
+
+// Generates a test function given the parameters for the hit test.
+// |ray| - ray that will be used to subscribe to hit test.
+// |expectedPoses| - array of expected pose objects. The poses should be expressed in local space.
+// Null entries in the array mean that the given entry will not be validated.
+// |inputFromPointer| - input from pointer transform that will be used as the input source's
+// inputFromPointer (aka pointer origin) in subsequent rAF.
+// |nextFrameExpectedPoses| - array of expected pose objects. The poses should be expressed in local space.
+// Null entries in the array mean that the given entry will not be validated.
+let testFunctionGenerator = function(ray, expectedPoses, inputFromPointer, nextFrameExpectedPoses) {
+ const testFunction = function(session, fakeDeviceController, t) {
+ return session.requestReferenceSpace('local').then((localRefSpace) => new Promise((resolve, reject) => {
+
+ const input_source_controller = fakeDeviceController.simulateInputSourceConnection(screen_controller_init);
+
+ session.requestAnimationFrame((time, frame) => {
+ t.step(() => {
+ assert_equals(session.inputSources.length, 1);
+ });
+
+ const input_source = session.inputSources[0];
+ const hitTestOptionsInit = {
+ space: input_source.targetRaySpace,
+ offsetRay: ray,
+ };
+
+ session.requestHitTestSource(hitTestOptionsInit).then((hitTestSource) => {
+ t.step(() => {
+ assert_not_equals(hitTestSource, null);
+ });
+
+ // We got a hit test source, now get the results in subsequent rAFcb:
+ session.requestAnimationFrame((time, frame) => {
+ const results = frame.getHitTestResults(hitTestSource);
+
+ t.step(() => {
+ assert_equals(results.length, expectedPoses.length);
+ for(const [index, expectedPose] of expectedPoses.entries()) {
+ const pose = results[index].getPose(localRefSpace);
+ assert_true(pose != null, "Each hit test result should have a pose in local space");
+ if(expectedPose != null) {
+ assert_transform_approx_equals(pose.transform, expectedPose, FLOAT_EPSILON, "before-move-pose: ");
+ }
+ }
+ });
+
+ input_source_controller.setPointerOrigin(inputFromPointer, false);
+
+ session.requestAnimationFrame((time, frame) => {
+ const results = frame.getHitTestResults(hitTestSource);
+
+ t.step(() => {
+ assert_equals(results.length, nextFrameExpectedPoses.length);
+ for(const [index, expectedPose] of nextFrameExpectedPoses.entries()) {
+ const pose = results[index].getPose(localRefSpace);
+ assert_true(pose != null, "Each hit test result should have a pose in local space");
+ if(expectedPose != null) {
+ assert_transform_approx_equals(pose.transform, expectedPose, FLOAT_EPSILON, "after-move-pose: ");
+ }
+ }
+ });
+
+ resolve();
+ });
+ });
+ });
+ });
+ }));
+ };
+
+ return testFunction;
+};
+
+
+// Pose of the first expected hit test result - straight ahead of the input source, viewer-facing.
+const pose_1 = {
+ position: {x: 0.0, y: 1.0, z: -2.5, w: 1.0},
+ orientation: {x: 0.0, y: -0.707, z: -0.707, w: 0.0},
+ // Hit test API will set Y axis to the surface normal at the intersection point,
+ // Z axis towards the ray origin and X axis to cross product of Y axis & Z axis.
+ // If the surface normal and Z axis would be parallel, the hit test API
+ // will attempt to use `up` vector ([0, 1, 0]) as the Z axis, and if it so happens that Z axis
+ // and the surface normal would still be parallel, it will use the `right` vector ([1, 0, 0]) as the Z axis.
+ // In this particular case, `up` vector will work so the resulting pose.orientation
+ // becomes a rotation around [0, 1, 1] vector by 180 degrees.
+};
+
+xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - no move",
+ testFunctionGenerator(new XRRay(), [pose_1], SCREEN_POINTER_TRANSFORM, [pose_1]),
+ fakeDeviceInitParams,
+ 'immersive-ar', { 'requiredFeatures': ['hit-test'] });
+
+const moved_pointer_transform_1 = {
+ position: [0, 0, 0], // middle of the screen
+ orientation: [ 0.707, 0, 0, 0.707 ] // 90 degrees around X axis = facing up
+};
+
+xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - after move - no results",
+ testFunctionGenerator(new XRRay(), [pose_1], moved_pointer_transform_1, []),
+ fakeDeviceInitParams,
+ 'immersive-ar', { 'requiredFeatures': ['hit-test'] });
+
+const pose_2 = {
+ position: {x: -1.443, y: 1.0, z: -2.5, w: 1.0},
+ // Intersection point will be on the same height as the viewer, on the front
+ // wall. Distance from the front wall to viewer is 2.5m, and we are rotating
+ // to the left, so X coordinate of the intersection point will be negative
+ // & equal to -2.5 * tan(30 deg) ~= 1.443m.
+ orientation: {x: 0.5, y: 0.5, z: 0.5, w: 0.5 },
+ // See comment for pose_1.orientation for details.
+ // In this case, the hit test pose will have Y axis facing towards world's
+ // positive Z axis ([0,0,1]), Z axis to the right ([1,0,0]) and X axis
+ // towards world's Y axis ([0,1,0]).
+ // This is equivalent to the rotation around [1, 1, 1] vector by 120 degrees.
+};
+
+const moved_pointer_transform_2 = {
+ position: [0, 0, 0], // middle of the screen
+ orientation: [ 0, 0.2588, 0, 0.9659 ] // 30 degrees around Y axis = to the left,
+ // creating 30-60-90 triangle with the front wall
+};
+
+xr_session_promise_test("Ensures subscription to hit test works with an XRSpace from input source - after move - 1 result",
+ testFunctionGenerator(new XRRay(), [pose_1], moved_pointer_transform_2, [pose_2]),
+ fakeDeviceInitParams,
+ 'immersive-ar', { 'requiredFeatures': ['hit-test'] });
+
+</script>
diff --git a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html
index d1ce3154e6c..ecdfab479c7 100644
--- a/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html
+++ b/tests/wpt/web-platform-tests/webxr/hit-test/ar_hittest_subscription_refSpaces.https.html
@@ -64,7 +64,7 @@ let testFunctionGenerator = function(ray, expectedPoses, refSpaceName) {
assert_equals(hitTestResults.length, expectedPoses.length, "Results length should match expected results length");
for(const [index, expectedPose] of expectedPoses.entries()) {
const pose = hitTestResults[index].getPose(localRefSpace);
- assert_true(pose != null, "Each hit test result should have a pose in viewer space");
+ assert_true(pose != null, "Each hit test result should have a pose in local space");
if(expectedPose != null) {
assert_transform_approx_equals(pose.transform, expectedPose);
}