Add support for Upgrade request to a potentially trustworthy URL. (#34986)

* Add support for Upgrade request to a potentially trustworthy URL.

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>

* script: Support inheritable insecure request policy in documents and workers.

Signed-off-by: Josh Matthews <josh@joshmatthews.net>

---------

Signed-off-by: Shubham Gupta <shubham13297@gmail.com>
Signed-off-by: Josh Matthews <josh@joshmatthews.net>
Co-authored-by: Shubham Gupta <shubham.gupta@chromium.org>
Co-authored-by: Josh Matthews <josh@joshmatthews.net>

components/constellation/constellation.rs

@@ -1350,6 +1350,7 @@ where
                     Referrer::NoReferrer,
                     ReferrerPolicy::EmptyString,
                     None,
+                    None,
                 );
                 let ctx_id = BrowsingContextId::from(top_level_browsing_context_id);
                 let pipeline_id = match self.browsing_contexts.get(&ctx_id) {
@@ -2976,6 +2977,7 @@ where
             Referrer::NoReferrer,
             ReferrerPolicy::EmptyString,
             None,
+            None,
         );
         let sandbox = IFrameSandboxState::IFrameUnsandboxed;
         let is_private = false;

components/net/fetch/methods.rs

@@ -14,17 +14,17 @@ use crossbeam_channel::Sender;
 use devtools_traits::DevtoolsControlMsg;
 use headers::{AccessControlExposeHeaders, ContentType, HeaderMapExt};
 use http::header::{self, HeaderMap, HeaderName};
-use http::{Method, StatusCode};
+use http::{HeaderValue, Method, StatusCode};
 use ipc_channel::ipc;
-use log::warn;
+use log::{debug, trace, warn};
 use mime::{self, Mime};
 use net_traits::filemanager_thread::{FileTokenCheck, RelativePos};
 use net_traits::http_status::HttpStatus;
 use net_traits::policy_container::{PolicyContainer, RequestPolicyContainer};
 use net_traits::request::{
     is_cors_safelisted_method, is_cors_safelisted_request_header, BodyChunkRequest,
-    BodyChunkResponse, CredentialsMode, Destination, Origin, RedirectMode, Referrer, Request,
+    BodyChunkResponse, CredentialsMode, Destination, InsecureRequestsPolicy, Origin, RedirectMode,
-    RequestMode, ResponseTainting, Window,
+    Referrer, Request, RequestMode, ResponseTainting, Window,
 };
 use net_traits::response::{Response, ResponseBody, ResponseType};
 use net_traits::{
@@ -251,8 +251,32 @@ pub async fn main_fetch(
     // Step 3.
     // TODO: handle request abort.
 
-    // Step 4.
+    // Step 4. Upgrade request to a potentially trustworthy URL, if appropriate.
-    // TODO: handle upgrade to a potentially secure URL.
+    if should_upgrade_request_to_potentially_trustworty(request, context) {
+        trace!(
+            "upgrading {} targeting {:?}",
+            request.current_url(),
+            request.destination
+        );
+        if let Some(new_scheme) = match request.current_url().scheme() {
+            "http" => Some("https"),
+            "ws" => Some("wss"),
+            _ => None,
+        } {
+            request
+                .current_url_mut()
+                .as_mut_url()
+                .set_scheme(new_scheme)
+                .unwrap();
+        }
+    } else {
+        trace!(
+            "not upgrading {} targeting {:?} with {:?}",
+            request.current_url(),
+            request.destination,
+            request.insecure_requests_policy
+        );
+    }
 
     // Step 5.
     if should_be_blocked_due_to_bad_port(&request.current_url()) {
@@ -881,3 +905,62 @@ fn is_bad_port(port: u16) -> bool {
 
     BAD_PORTS.binary_search(&port).is_ok()
 }
+
+// TODO : Investigate and need to revisit again
+pub fn is_form_submission_request(request: &Request) -> bool {
+    let content_type = request.headers.typed_get::<ContentType>();
+    content_type.is_some_and(|ct| {
+        let mime: Mime = ct.into();
+        mime.type_() == mime::APPLICATION && mime.subtype() == mime::WWW_FORM_URLENCODED
+    })
+}
+
+/// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request>
+fn should_upgrade_request_to_potentially_trustworty(
+    request: &mut Request,
+    context: &FetchContext,
+) -> bool {
+    fn should_upgrade_navigation_request(request: &Request) -> bool {
+        // Step 2.1 If request is a form submission, skip the remaining substeps, and continue upgrading request.
+        if is_form_submission_request(request) {
+            return true;
+        }
+
+        // Step 2.2
+        // TODO If request’s client's target browsing context is a nested browsing context
+
+        // Step 2.4
+        // TODO : check for insecure navigation set after its implemention
+
+        // Step 2.5 Return without further modifying request
+        false
+    }
+
+    // Step 1. If request is a navigation request,
+    if request.is_navigation_request() {
+        // Append a header named Upgrade-Insecure-Requests with a value of 1 to
+        // request’s header list if any of the following criteria are met:
+        // * request’s URL is not a potentially trustworthy URL
+        // * request’s URL's host is not a preloadable HSTS host
+        if !request.current_url().is_origin_trustworthy() ||
+            !context
+                .state
+                .hsts_list
+                .read()
+                .unwrap()
+                .is_host_secure(request.current_url().host_str().unwrap())
+        {
+            debug!("Appending the Upgrade-Insecure-Requests header to request’s header list");
+            request
+                .headers
+                .insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1"));
+        }
+
+        if !should_upgrade_navigation_request(request) {
+            return false;
+        }
+    }
+
+    // Step 4
+    request.insecure_requests_policy == InsecureRequestsPolicy::Upgrade
+}

components/net/tests/http_loader.rs

@@ -171,6 +171,7 @@ fn test_check_default_headers_loaded_in_every_request() {
         HeaderName::from_static("sec-fetch-user"),
         HeaderValue::from_static("?1"),
     );
+    headers.insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1"));
 
     *expected_headers.lock().unwrap() = Some(headers.clone());
 
@@ -325,6 +326,7 @@ fn test_request_and_response_data_with_network_messages() {
         HeaderName::from_static("sec-fetch-user"),
         HeaderValue::from_static("?1"),
     );
+    headers.insert("Upgrade-Insecure-Requests", HeaderValue::from_static("1"));
 
     let httprequest = DevtoolsHttpRequest {
         url: url,

components/script/dom/dedicatedworkerglobalscope.rs

@@ -17,7 +17,8 @@ use js::jsval::UndefinedValue;
 use js::rust::{CustomAutoRooter, CustomAutoRooterGuard, HandleValue};
 use net_traits::image_cache::ImageCache;
 use net_traits::request::{
-    CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder, RequestMode,
+    CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder,
+    RequestMode,
 };
 use net_traits::IpcSend;
 use script_traits::{WorkerGlobalScopeInit, WorkerScriptLoadOrigin};
@@ -256,6 +257,7 @@ impl DedicatedWorkerGlobalScope {
         browsing_context: Option<BrowsingContextId>,
         #[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
         control_receiver: Receiver<DedicatedWorkerControlMsg>,
+        insecure_requests_policy: InsecureRequestsPolicy,
     ) -> DedicatedWorkerGlobalScope {
         DedicatedWorkerGlobalScope {
             workerglobalscope: WorkerGlobalScope::new_inherited(
@@ -268,6 +270,7 @@ impl DedicatedWorkerGlobalScope {
                 closing,
                 #[cfg(feature = "webgpu")]
                 gpu_id_hub,
+                insecure_requests_policy,
             ),
             task_queue: TaskQueue::new(receiver, own_sender.clone()),
             own_sender,
@@ -295,6 +298,7 @@ impl DedicatedWorkerGlobalScope {
         browsing_context: Option<BrowsingContextId>,
         #[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
         control_receiver: Receiver<DedicatedWorkerControlMsg>,
+        insecure_requests_policy: InsecureRequestsPolicy,
     ) -> DomRoot<DedicatedWorkerGlobalScope> {
         let cx = runtime.cx();
         let scope = Box::new(DedicatedWorkerGlobalScope::new_inherited(
@@ -313,6 +317,7 @@ impl DedicatedWorkerGlobalScope {
             #[cfg(feature = "webgpu")]
             gpu_id_hub,
             control_receiver,
+            insecure_requests_policy,
         ));
         unsafe { DedicatedWorkerGlobalScopeBinding::Wrap(SafeJSContext::from_ptr(cx), scope) }
     }
@@ -336,6 +341,7 @@ impl DedicatedWorkerGlobalScope {
         #[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
         control_receiver: Receiver<DedicatedWorkerControlMsg>,
         context_sender: Sender<ThreadSafeJSContext>,
+        insecure_requests_policy: InsecureRequestsPolicy,
     ) -> JoinHandle<()> {
         let serialized_worker_url = worker_url.to_string();
         let top_level_browsing_context_id = TopLevelBrowsingContextId::installed();
@@ -377,6 +383,8 @@ impl DedicatedWorkerGlobalScope {
                 .use_url_credentials(true)
                 .pipeline_id(Some(pipeline_id))
                 .referrer_policy(referrer_policy)
+                .referrer_policy(referrer_policy)
+                .insecure_requests_policy(insecure_requests_policy)
                 .origin(origin);
 
                 let runtime = unsafe {
@@ -428,6 +436,7 @@ impl DedicatedWorkerGlobalScope {
                     #[cfg(feature = "webgpu")]
                     gpu_id_hub,
                     control_receiver,
+                    insecure_requests_policy,
                 );
                 // FIXME(njn): workers currently don't have a unique ID suitable for using in reporter
                 // registration (#6631), so we instead use a random number and cross our fingers.

components/script/dom/document.rs

@@ -18,7 +18,7 @@ use base::cross_process_instant::CrossProcessInstant;
 use base::id::WebViewId;
 use canvas_traits::webgl::{self, WebGLContextId, WebGLMsg};
 use chrono::Local;
-use content_security_policy::{self as csp, CspList};
+use content_security_policy::{self as csp, CspList, PolicyDisposition};
 use cookie::Cookie;
 use cssparser::match_ignore_ascii_case;
 use devtools_traits::ScriptToDevtoolsControlMsg;
@@ -41,7 +41,7 @@ use metrics::{
 use mime::{self, Mime};
 use net_traits::policy_container::PolicyContainer;
 use net_traits::pub_domains::is_pub_domain;
-use net_traits::request::RequestBuilder;
+use net_traits::request::{InsecureRequestsPolicy, RequestBuilder};
 use net_traits::response::HttpsState;
 use net_traits::CookieSource::NonHTTP;
 use net_traits::CoreResourceMsg::{GetCookiesForUrl, SetCookiesForUrl};
@@ -506,6 +506,9 @@ pub(crate) struct Document {
     status_code: Option<u16>,
     /// <https://html.spec.whatwg.org/multipage/#is-initial-about:blank>
     is_initial_about_blank: Cell<bool>,
+    /// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
+    #[no_trace]
+    inherited_insecure_requests_policy: Cell<Option<InsecureRequestsPolicy>>,
 }
 
 #[allow(non_snake_case)]
@@ -2355,9 +2358,10 @@ impl Document {
     pub(crate) fn fetch<Listener: FetchResponseListener + PreInvoke + Send + 'static>(
         &self,
         load: LoadType,
-        request: RequestBuilder,
+        mut request: RequestBuilder,
         listener: Listener,
     ) {
+        request = request.insecure_requests_policy(self.insecure_requests_policy());
         let callback = NetworkListener {
             context: std::sync::Arc::new(Mutex::new(listener)),
             task_source: self
@@ -2373,9 +2377,10 @@ impl Document {
 
     pub(crate) fn fetch_background<Listener: FetchResponseListener + PreInvoke + Send + 'static>(
         &self,
-        request: RequestBuilder,
+        mut request: RequestBuilder,
         listener: Listener,
     ) {
+        request = request.insecure_requests_policy(self.insecure_requests_policy());
         let callback = NetworkListener {
             context: std::sync::Arc::new(Mutex::new(listener)),
             task_source: self
@@ -3438,6 +3443,7 @@ impl Document {
         status_code: Option<u16>,
         canceller: FetchCanceller,
         is_initial_about_blank: bool,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
     ) -> Document {
         let url = url.unwrap_or_else(|| ServoUrl::parse("about:blank").unwrap());
 
@@ -3587,9 +3593,27 @@ impl Document {
             visibility_state: Cell::new(DocumentVisibilityState::Hidden),
             status_code,
             is_initial_about_blank: Cell::new(is_initial_about_blank),
+            inherited_insecure_requests_policy: Cell::new(inherited_insecure_requests_policy),
         }
     }
 
+    /// Returns a policy value that should be used for fetches initiated by this document.
+    pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
+        if let Some(csp_list) = self.get_csp_list() {
+            for policy in &csp_list.0 {
+                if policy.contains_a_directive_whose_name_is("upgrade-insecure-requests") &&
+                    policy.disposition == PolicyDisposition::Enforce
+                {
+                    return InsecureRequestsPolicy::Upgrade;
+                }
+            }
+        }
+
+        self.inherited_insecure_requests_policy
+            .get()
+            .unwrap_or(InsecureRequestsPolicy::DoNotUpgrade)
+    }
+
     /// Note a pending compositor event, to be processed at the next `update_the_rendering` task.
     pub(crate) fn note_pending_compositor_event(&self, event: CompositorEvent) {
         let mut pending_compositor_events = self.pending_compositor_events.borrow_mut();
@@ -3702,6 +3726,7 @@ impl Document {
         status_code: Option<u16>,
         canceller: FetchCanceller,
         is_initial_about_blank: bool,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
         can_gc: CanGc,
     ) -> DomRoot<Document> {
         Self::new_with_proto(
@@ -3720,6 +3745,7 @@ impl Document {
             status_code,
             canceller,
             is_initial_about_blank,
+            inherited_insecure_requests_policy,
             can_gc,
         )
     }
@@ -3741,6 +3767,7 @@ impl Document {
         status_code: Option<u16>,
         canceller: FetchCanceller,
         is_initial_about_blank: bool,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
         can_gc: CanGc,
     ) -> DomRoot<Document> {
         let document = reflect_dom_object_with_proto(
@@ -3759,6 +3786,7 @@ impl Document {
                 status_code,
                 canceller,
                 is_initial_about_blank,
+                inherited_insecure_requests_policy,
             )),
             window,
             proto,
@@ -3890,6 +3918,7 @@ impl Document {
                     None,
                     Default::default(),
                     false,
+                    Some(self.insecure_requests_policy()),
                     can_gc,
                 );
                 new_doc
@@ -4454,6 +4483,7 @@ impl DocumentMethods<crate::DomTypeHolder> for Document {
             None,
             Default::default(),
             false,
+            Some(doc.insecure_requests_policy()),
             can_gc,
         ))
     }

components/script/dom/domimplementation.rs

@@ -105,6 +105,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
             DocumentActivity::Inactive,
             DocumentSource::NotFromParser,
             loader,
+            Some(self.document.insecure_requests_policy()),
         );
         // Step 2-3.
         let maybe_elem = if qname.is_empty() {
@@ -165,6 +166,7 @@ impl DOMImplementationMethods<crate::DomTypeHolder> for DOMImplementation {
             None,
             Default::default(),
             false,
+            Some(self.document.insecure_requests_policy()),
             can_gc,
         );
 

components/script/dom/domparser.rs

@@ -88,6 +88,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
                     None,
                     Default::default(),
                     false,
+                    Some(doc.insecure_requests_policy()),
                     can_gc,
                 );
                 ServoParser::parse_html_document(&document, Some(s), url, can_gc);
@@ -110,6 +111,7 @@ impl DOMParserMethods<crate::DomTypeHolder> for DOMParser {
                     None,
                     Default::default(),
                     false,
+                    Some(doc.insecure_requests_policy()),
                     can_gc,
                 );
                 ServoParser::parse_xml_document(&document, Some(s), url, can_gc);

components/script/dom/eventsource.rs

@@ -560,6 +560,7 @@ impl EventSourceMethods<crate::DomTypeHolder> for EventSource {
             Some(cors_attribute_state),
             Some(true),
             global.get_referrer(),
+            global.insecure_requests_policy(),
         )
         .origin(global.origin().immutable().clone())
         .pipeline_id(Some(global.pipeline_id()));

components/script/dom/globalscope.rs

@@ -48,7 +48,7 @@ use net_traits::filemanager_thread::{
 };
 use net_traits::image_cache::ImageCache;
 use net_traits::policy_container::PolicyContainer;
-use net_traits::request::{Referrer, RequestBuilder};
+use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBuilder};
 use net_traits::response::HttpsState;
 use net_traits::{
     fetch_async, CoreResourceMsg, CoreResourceThread, FetchResponseListener, IpcSend,
@@ -2379,6 +2379,18 @@ impl GlobalScope {
         self.downcast::<Window>().expect("expected a Window scope")
     }
 
+    /// Returns a policy that should be used for fetches initiated from this global.
+    pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
+        if let Some(window) = self.downcast::<Window>() {
+            return window.Document().insecure_requests_policy();
+        }
+        if let Some(worker) = self.downcast::<WorkerGlobalScope>() {
+            return worker.insecure_requests_policy();
+        }
+        debug!("unsupported global, defaulting insecure requests policy to DoNotUpgrade");
+        InsecureRequestsPolicy::DoNotUpgrade
+    }
+
     /// <https://html.spec.whatwg.org/multipage/#report-the-error>
     pub(crate) fn report_an_error(&self, error_info: ErrorInfo, value: HandleValue, can_gc: CanGc) {
         // Step 1.

components/script/dom/htmlformelement.rs

@@ -858,6 +858,7 @@ impl HTMLFormElement {
             target_window.as_global_scope().get_referrer(),
             target_document.get_referrer_policy(),
             Some(target_window.as_global_scope().is_secure_context()),
+            Some(target_document.insecure_requests_policy()),
         );
 
         // Step 22

components/script/dom/htmliframeelement.rs

@@ -267,6 +267,7 @@ impl HTMLIFrameElement {
                 window.as_global_scope().get_referrer(),
                 document.get_referrer_policy(),
                 Some(window.as_global_scope().is_secure_context()),
+                Some(document.insecure_requests_policy()),
             );
             let element = self.upcast::<Element>();
             load_data.srcdoc = String::from(element.get_string_attribute(&local_name!("srcdoc")));
@@ -357,6 +358,7 @@ impl HTMLIFrameElement {
             window.as_global_scope().get_referrer(),
             referrer_policy,
             Some(window.as_global_scope().is_secure_context()),
+            Some(document.insecure_requests_policy()),
         );
 
         let pipeline_id = self.pipeline_id();
@@ -401,6 +403,7 @@ impl HTMLIFrameElement {
             window.as_global_scope().get_referrer(),
             document.get_referrer_policy(),
             Some(window.as_global_scope().is_secure_context()),
+            Some(document.insecure_requests_policy()),
         );
         let browsing_context_id = BrowsingContextId::new();
         let top_level_browsing_context_id = window.window_proxy().top_level_browsing_context_id();

components/script/dom/htmlimageelement.rs

@@ -423,6 +423,7 @@ impl HTMLImageElement {
             cors_setting_for_element(self.upcast()),
             None,
             document.global().get_referrer(),
+            document.insecure_requests_policy(),
         )
         .origin(document.origin().immutable().clone())
         .pipeline_id(Some(document.global().pipeline_id()))

components/script/dom/htmllinkelement.rs

@@ -14,7 +14,8 @@ use html5ever::{local_name, namespace_url, ns, LocalName, Prefix};
 use js::rust::HandleObject;
 use net_traits::policy_container::PolicyContainer;
 use net_traits::request::{
-    CorsSettings, Destination, Initiator, Referrer, RequestBuilder, RequestId,
+    CorsSettings, Destination, Initiator, InsecureRequestsPolicy, Referrer, RequestBuilder,
+    RequestId,
 };
 use net_traits::{
     FetchMetadata, FetchResponseListener, NetworkError, ReferrerPolicy, ResourceFetchTiming,
@@ -78,6 +79,7 @@ struct LinkProcessingOptions {
     policy_container: PolicyContainer,
     source_set: Option<()>,
     base_url: ServoUrl,
+    insecure_requests_policy: InsecureRequestsPolicy,
     // Some fields that we don't need yet are missing
 }
 
@@ -326,6 +328,7 @@ impl HTMLLinkElement {
             policy_container: document.policy_container().to_owned(),
             source_set: None, // FIXME
             base_url: document.borrow().base_url(),
+            insecure_requests_policy: document.insecure_requests_policy(),
         };
 
         // Step 3. If el has an href attribute, then set options's href to the value of el's href attribute.
@@ -658,6 +661,7 @@ impl LinkProcessingOptions {
             self.cross_origin,
             None,
             Referrer::NoReferrer,
+            self.insecure_requests_policy,
         )
         .integrity_metadata(self.integrity)
         .policy_container(self.policy_container)

components/script/dom/htmlmediaelement.rs

@@ -891,6 +891,7 @@ impl HTMLMediaElement {
             cors_setting,
             None,
             self.global().get_referrer(),
+            document.insecure_requests_policy(),
         )
         .headers(headers)
         .origin(document.origin().immutable().clone())

components/script/dom/htmlscriptelement.rs

@@ -21,7 +21,8 @@ use js::jsval::UndefinedValue;
 use js::rust::{transform_str_to_source_text, CompileOptionsWrapper, HandleObject, Stencil};
 use net_traits::http_status::HttpStatus;
 use net_traits::request::{
-    CorsSettings, CredentialsMode, Destination, ParserMetadata, RequestBuilder, RequestId,
+    CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
+    RequestBuilder, RequestId,
 };
 use net_traits::{
     FetchMetadata, FetchResponseListener, Metadata, NetworkError, ResourceFetchTiming,
@@ -548,6 +549,7 @@ pub(crate) fn script_fetch_request(
     origin: ImmutableOrigin,
     pipeline_id: PipelineId,
     options: ScriptFetchOptions,
+    insecure_requests_policy: InsecureRequestsPolicy,
 ) -> RequestBuilder {
     // We intentionally ignore options' credentials_mode member for classic scripts.
     // The mode is initialized by create_a_potential_cors_request.
@@ -558,6 +560,7 @@ pub(crate) fn script_fetch_request(
         cors_setting,
         None,
         options.referrer,
+        insecure_requests_policy,
     )
     .origin(origin)
     .pipeline_id(Some(pipeline_id))
@@ -584,6 +587,7 @@ fn fetch_a_classic_script(
         doc.origin().immutable().clone(),
         script.global().pipeline_id(),
         options.clone(),
+        doc.insecure_requests_policy(),
     );
     let request = doc.prepare_request(request);
 

components/script/dom/location.rs

@@ -129,6 +129,7 @@ impl Location {
             referrer,
             referrer_policy,
             None, // Top navigation doesn't inherit secure context
+            Some(source_document.insecure_requests_policy()),
         );
         self.window
             .load_url(history_handling, reload_triggered, load_data, can_gc);

components/script/dom/node.rs

@@ -2490,6 +2490,7 @@ impl Node {
                     document.status_code(),
                     Default::default(),
                     false,
+                    Some(document.insecure_requests_policy()),
                     can_gc,
                 );
                 DomRoot::upcast::<Node>(document)

components/script/dom/request.rs

@@ -112,6 +112,7 @@ fn net_request_from_global(global: &GlobalScope, url: ServoUrl) -> NetTraitsRequ
         .origin(global.get_url().origin())
         .pipeline_id(Some(global.pipeline_id()))
         .https_state(global.get_https_state())
+        .insecure_requests_policy(global.insecure_requests_policy())
         .build()
 }
 

components/script/dom/serviceworkerglobalscope.rs

@@ -15,7 +15,9 @@ use ipc_channel::ipc::{IpcReceiver, IpcSender};
 use ipc_channel::router::ROUTER;
 use js::jsapi::{JSContext, JS_AddInterruptCallback};
 use js::jsval::UndefinedValue;
-use net_traits::request::{CredentialsMode, Destination, ParserMetadata, Referrer, RequestBuilder};
+use net_traits::request::{
+    CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata, Referrer, RequestBuilder,
+};
 use net_traits::{CustomResponseMediator, IpcSend};
 use script_traits::{ScopeThings, ServiceWorkerMsg, WorkerGlobalScopeInit, WorkerScriptLoadOrigin};
 use servo_config::pref;
@@ -224,6 +226,8 @@ impl ServiceWorkerGlobalScope {
                 closing,
                 #[cfg(feature = "webgpu")]
                 Arc::new(IdentityHub::default()),
+                InsecureRequestsPolicy::DoNotUpgrade, // FIXME: investigate what environment this value comes from for
+                                                      // service workers.
             ),
             task_queue: TaskQueue::new(receiver, own_sender.clone()),
             own_sender,
@@ -341,6 +345,7 @@ impl ServiceWorkerGlobalScope {
                     .use_url_credentials(true)
                     .pipeline_id(Some(pipeline_id))
                     .referrer_policy(referrer_policy)
+                    .insecure_requests_policy(scope.insecure_requests_policy())
                     .origin(origin);
 
                 let (_url, source) = match load_whole_resource(

components/script/dom/servoparser/mod.rs

@@ -216,6 +216,7 @@ impl ServoParser {
             None,
             Default::default(),
             false,
+            Some(context_document.insecure_requests_policy()),
             can_gc,
         );
 

components/script/dom/servoparser/prefetch.rs

@@ -13,7 +13,9 @@ use html5ever::tokenizer::{
 };
 use html5ever::{local_name, Attribute, LocalName};
 use js::jsapi::JSTracer;
-use net_traits::request::{CorsSettings, CredentialsMode, ParserMetadata, Referrer};
+use net_traits::request::{
+    CorsSettings, CredentialsMode, InsecureRequestsPolicy, ParserMetadata, Referrer,
+};
 use net_traits::{CoreResourceMsg, FetchChannels, IpcSend, ReferrerPolicy, ResourceThreads};
 use servo_url::{ImmutableOrigin, ServoUrl};
 
@@ -53,6 +55,7 @@ impl Tokenizer {
             // true after the first script tag, since that is what will
             // block the main parser.
             prefetching: Cell::new(false),
+            insecure_requests_policy: document.insecure_requests_policy(),
         };
         let options = Default::default();
         let inner = HtmlTokenizer::new(sink, options);
@@ -83,6 +86,8 @@ struct PrefetchSink {
     #[no_trace]
     resource_threads: ResourceThreads,
     prefetching: Cell<bool>,
+    #[no_trace]
+    insecure_requests_policy: InsecureRequestsPolicy,
 }
 
 /// The prefetch tokenizer produces trivial results
@@ -118,6 +123,7 @@ impl TokenSink for PrefetchSink {
                             credentials_mode: CredentialsMode::CredentialsSameOrigin,
                             parser_metadata: ParserMetadata::ParserInserted,
                         },
+                        self.insecure_requests_policy,
                     );
                     let _ = self
                         .resource_threads
@@ -135,6 +141,7 @@ impl TokenSink for PrefetchSink {
                         self.get_cors_settings(tag, local_name!("crossorigin")),
                         None,
                         self.referrer.clone(),
+                        self.insecure_requests_policy,
                     )
                     .origin(self.origin.clone())
                     .pipeline_id(Some(self.pipeline_id))
@@ -168,6 +175,7 @@ impl TokenSink for PrefetchSink {
                                 cors_setting,
                                 None,
                                 self.referrer.clone(),
+                                self.insecure_requests_policy,
                             )
                             .origin(self.origin.clone())
                             .pipeline_id(Some(self.pipeline_id))

components/script/dom/websocket.rs

@@ -257,6 +257,7 @@ impl WebSocketMethods<crate::DomTypeHolder> for WebSocket {
 
         let request = RequestBuilder::new(global.webview_id(), url_record, Referrer::NoReferrer)
             .origin(global.origin().immutable().clone())
+            .insecure_requests_policy(global.insecure_requests_policy())
             .mode(RequestMode::WebSocket { protocols });
 
         let channels = FetchChannels::WebSocket {

components/script/dom/windowproxy.rs

@@ -312,6 +312,7 @@ impl WindowProxy {
                 document.global().get_referrer(),
                 document.get_referrer_policy(),
                 None, // Doesn't inherit secure context
+                None,
             );
             let load_info = AuxiliaryBrowsingContextLoadInfo {
                 load_data: load_data.clone(),
@@ -524,6 +525,7 @@ impl WindowProxy {
                 referrer,
                 referrer_policy,
                 Some(secure),
+                Some(target_document.insecure_requests_policy()),
             );
             let history_handling = if new {
                 NavigationHistoryBehavior::Replace

components/script/dom/worker.rs

@@ -239,6 +239,7 @@ impl WorkerMethods<crate::DomTypeHolder> for Worker {
             global.wgpu_id_hub(),
             control_receiver,
             context_sender,
+            global.insecure_requests_policy(),
         );
 
         let context = context_receiver

components/script/dom/workerglobalscope.rs

@@ -20,7 +20,8 @@ use js::panic::maybe_resume_unwind;
 use js::rust::{HandleValue, MutableHandleValue, ParentRuntime};
 use net_traits::policy_container::PolicyContainer;
 use net_traits::request::{
-    CredentialsMode, Destination, ParserMetadata, RequestBuilder as NetRequestInit,
+    CredentialsMode, Destination, InsecureRequestsPolicy, ParserMetadata,
+    RequestBuilder as NetRequestInit,
 };
 use net_traits::IpcSend;
 use script_traits::WorkerGlobalScopeInit;
@@ -127,6 +128,9 @@ pub(crate) struct WorkerGlobalScope {
     /// Timers are handled in the service worker event loop.
     #[no_trace]
     timer_scheduler: RefCell<TimerScheduler>,
+
+    #[no_trace]
+    insecure_requests_policy: InsecureRequestsPolicy,
 }
 
 impl WorkerGlobalScope {
@@ -140,6 +144,7 @@ impl WorkerGlobalScope {
         devtools_receiver: Receiver<DevtoolScriptControlMsg>,
         closing: Arc<AtomicBool>,
         #[cfg(feature = "webgpu")] gpu_id_hub: Arc<IdentityHub>,
+        insecure_requests_policy: InsecureRequestsPolicy,
     ) -> Self {
         // Install a pipeline-namespace in the current thread.
         PipelineNamespace::auto_install();
@@ -181,9 +186,15 @@ impl WorkerGlobalScope {
             navigation_start: CrossProcessInstant::now(),
             performance: Default::default(),
             timer_scheduler: RefCell::default(),
+            insecure_requests_policy,
         }
     }
 
+    /// Returns a policy value that should be used by fetches initiated by this worker.
+    pub(crate) fn insecure_requests_policy(&self) -> InsecureRequestsPolicy {
+        self.insecure_requests_policy
+    }
+
     /// Clear various items when the worker event-loop shuts-down.
     pub(crate) fn clear_js_runtime(&self) {
         self.upcast::<GlobalScope>()
@@ -288,6 +299,7 @@ impl WorkerGlobalScopeMethods<crate::DomTypeHolder> for WorkerGlobalScope {
             .parser_metadata(ParserMetadata::NotParserInserted)
             .use_url_credentials(true)
             .origin(global_scope.origin().immutable().clone())
+            .insecure_requests_policy(self.insecure_requests_policy())
             .pipeline_id(Some(self.upcast::<GlobalScope>().pipeline_id()));
 
             let (url, source) = match fetch::load_whole_resource(

components/script/dom/xmldocument.rs

@@ -4,6 +4,7 @@
 
 use dom_struct::dom_struct;
 use mime::Mime;
+use net_traits::request::InsecureRequestsPolicy;
 use script_traits::DocumentActivity;
 use servo_url::{MutableOrigin, ServoUrl};
 
@@ -41,6 +42,7 @@ impl XMLDocument {
         activity: DocumentActivity,
         source: DocumentSource,
         doc_loader: DocumentLoader,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
     ) -> XMLDocument {
         XMLDocument {
             document: Document::new_inherited(
@@ -58,6 +60,7 @@ impl XMLDocument {
                 None,
                 Default::default(),
                 false,
+                inherited_insecure_requests_policy,
             ),
         }
     }
@@ -74,6 +77,7 @@ impl XMLDocument {
         activity: DocumentActivity,
         source: DocumentSource,
         doc_loader: DocumentLoader,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
     ) -> DomRoot<XMLDocument> {
         let doc = reflect_dom_object(
             Box::new(XMLDocument::new_inherited(
@@ -87,6 +91,7 @@ impl XMLDocument {
                 activity,
                 source,
                 doc_loader,
+                inherited_insecure_requests_policy,
             )),
             window,
             CanGc::note(),

components/script/dom/xmlhttprequest.rs

@@ -692,6 +692,7 @@ impl XMLHttpRequestMethods<crate::DomTypeHolder> for XMLHttpRequest {
         .use_url_credentials(use_url_credentials)
         .origin(self.global().origin().immutable().clone())
         .referrer_policy(self.referrer_policy)
+        .insecure_requests_policy(self.global().insecure_requests_policy())
         .pipeline_id(Some(self.global().pipeline_id()));
 
         // step 4 (second half)
@@ -1508,6 +1509,7 @@ impl XMLHttpRequest {
             None,
             Default::default(),
             false,
+            Some(doc.insecure_requests_policy()),
             can_gc,
         )
     }

components/script/fetch.rs

@@ -9,8 +9,8 @@ use base::id::WebViewId;
 use ipc_channel::ipc;
 use net_traits::policy_container::RequestPolicyContainer;
 use net_traits::request::{
-    CorsSettings, CredentialsMode, Destination, Referrer, Request as NetTraitsRequest,
+    CorsSettings, CredentialsMode, Destination, InsecureRequestsPolicy, Referrer,
-    RequestBuilder, RequestId, RequestMode, ServiceWorkersMode,
+    Request as NetTraitsRequest, RequestBuilder, RequestId, RequestMode, ServiceWorkersMode,
 };
 use net_traits::{
     cancel_async_fetch, CoreResourceMsg, CoreResourceThread, FetchChannels, FetchMetadata,
@@ -121,6 +121,7 @@ fn request_init_from_request(request: NetTraitsRequest) -> RequestBuilder {
         parser_metadata: request.parser_metadata,
         initiator: request.initiator,
         policy_container: request.policy_container,
+        insecure_requests_policy: request.insecure_requests_policy,
         https_state: request.https_state,
         response_tainting: request.response_tainting,
         crash: None,
@@ -373,6 +374,7 @@ pub(crate) fn create_a_potential_cors_request(
     cors_setting: Option<CorsSettings>,
     same_origin_fallback: Option<bool>,
     referrer: Referrer,
+    insecure_requests_policy: InsecureRequestsPolicy,
 ) -> RequestBuilder {
     RequestBuilder::new(webview_id, url, referrer)
         // https://html.spec.whatwg.org/multipage/#create-a-potential-cors-request
@@ -391,4 +393,5 @@ pub(crate) fn create_a_potential_cors_request(
         // Step 5
         .destination(destination)
         .use_url_credentials(true)
+        .insecure_requests_policy(insecure_requests_policy)
 }

components/script/links.rs

@@ -425,6 +425,7 @@ pub(crate) fn follow_hyperlink(
             referrer,
             referrer_policy,
             Some(secure),
+            Some(document.insecure_requests_policy()),
         );
         let target = Trusted::new(target_window);
         let task = task!(navigate_follow_hyperlink: move || {

components/script/navigation.rs

@@ -13,7 +13,9 @@ use base::id::{BrowsingContextId, PipelineId, TopLevelBrowsingContextId};
 use content_security_policy::Destination;
 use crossbeam_channel::Sender;
 use http::header;
-use net_traits::request::{CredentialsMode, RedirectMode, RequestBuilder, RequestMode};
+use net_traits::request::{
+    CredentialsMode, InsecureRequestsPolicy, RedirectMode, RequestBuilder, RequestMode,
+};
 use net_traits::response::ResponseInit;
 use net_traits::{
     fetch_async, set_default_accept_language, BoxedFetchCallback, CoreResourceThread,
@@ -204,6 +206,11 @@ impl InProgressLoad {
         .use_url_credentials(true)
         .pipeline_id(Some(id))
         .referrer_policy(self.load_data.referrer_policy)
+        .insecure_requests_policy(
+            self.load_data
+                .inherited_insecure_requests_policy
+                .unwrap_or(InsecureRequestsPolicy::DoNotUpgrade),
+        )
         .headers(self.load_data.headers.clone())
         .body(self.load_data.data.clone())
         .redirect_mode(RedirectMode::Manual)

components/script/script_thread.rs

@@ -3233,6 +3233,7 @@ impl ScriptThread {
             Some(metadata.status.raw_code()),
             incomplete.canceller,
             is_initial_about_blank,
+            incomplete.load_data.inherited_insecure_requests_policy,
             can_gc,
         );
 

components/script/stylesheet_loader.rs

@@ -350,6 +350,7 @@ impl StylesheetLoader<'_> {
             cors_setting,
             None,
             self.elem.global().get_referrer(),
+            document.insecure_requests_policy(),
         )
         .origin(document.origin().immutable().clone())
         .pipeline_id(Some(self.elem.global().pipeline_id()))

components/shared/net/request.rs

@@ -233,6 +233,12 @@ impl RequestBody {
     }
 }
 
+#[derive(Clone, Copy, Debug, Deserialize, MallocSizeOf, PartialEq, Serialize)]
+pub enum InsecureRequestsPolicy {
+    DoNotUpgrade,
+    Upgrade,
+}
+
 #[derive(Clone, Debug, Deserialize, MallocSizeOf, Serialize)]
 pub struct RequestBuilder {
     pub id: RequestId,
@@ -262,6 +268,7 @@ pub struct RequestBuilder {
     pub use_url_credentials: bool,
     pub origin: ImmutableOrigin,
     pub policy_container: RequestPolicyContainer,
+    pub insecure_requests_policy: InsecureRequestsPolicy,
     // XXXManishearth these should be part of the client object
     pub referrer: Referrer,
     pub referrer_policy: ReferrerPolicy,
@@ -298,6 +305,7 @@ impl RequestBuilder {
             use_url_credentials: false,
             origin: ImmutableOrigin::new_opaque(),
             policy_container: RequestPolicyContainer::default(),
+            insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
             referrer,
             referrer_policy: ReferrerPolicy::EmptyString,
             pipeline_id: None,
@@ -418,6 +426,14 @@ impl RequestBuilder {
         self
     }
 
+    pub fn insecure_requests_policy(
+        mut self,
+        insecure_requests_policy: InsecureRequestsPolicy,
+    ) -> RequestBuilder {
+        self.insecure_requests_policy = insecure_requests_policy;
+        self
+    }
+
     pub fn build(self) -> Request {
         let mut request = Request::new(
             self.id,
@@ -454,6 +470,7 @@ impl RequestBuilder {
         request.response_tainting = self.response_tainting;
         request.crash = self.crash;
         request.policy_container = self.policy_container;
+        request.insecure_requests_policy = self.insecure_requests_policy;
         request
     }
 }
@@ -525,6 +542,8 @@ pub struct Request {
     pub parser_metadata: ParserMetadata,
     /// <https://fetch.spec.whatwg.org/#concept-request-policy-container>
     pub policy_container: RequestPolicyContainer,
+    /// <https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy>
+    pub insecure_requests_policy: InsecureRequestsPolicy,
     pub https_state: HttpsState,
     /// Servo internal: if crash details are present, trigger a crash error page with these details.
     pub crash: Option<String>,
@@ -570,6 +589,7 @@ impl Request {
             redirect_count: 0,
             response_tainting: ResponseTainting::Basic,
             policy_container: RequestPolicyContainer::Client,
+            insecure_requests_policy: InsecureRequestsPolicy::DoNotUpgrade,
             https_state,
             crash: None,
         }
@@ -592,7 +612,14 @@ impl Request {
 
     /// <https://fetch.spec.whatwg.org/#navigation-request>
     pub fn is_navigation_request(&self) -> bool {
-        self.destination == Destination::Document
+        matches!(
+            self.destination,
+            Destination::Document |
+                Destination::Embed |
+                Destination::Frame |
+                Destination::IFrame |
+                Destination::Object
+        )
     }
 
     /// <https://fetch.spec.whatwg.org/#subresource-request>

components/shared/script/lib.rs

@@ -48,7 +48,7 @@ use malloc_size_of::malloc_size_of_is_0;
 use malloc_size_of_derive::MallocSizeOf;
 use media::WindowGLContext;
 use net_traits::image_cache::ImageCache;
-use net_traits::request::{Referrer, RequestBody};
+use net_traits::request::{InsecureRequestsPolicy, Referrer, RequestBody};
 use net_traits::storage_thread::StorageType;
 use net_traits::{ReferrerPolicy, ResourceThreads};
 use pixels::{Image, PixelFormat};
@@ -163,6 +163,8 @@ pub struct LoadData {
     pub srcdoc: String,
     /// The inherited context is Secure, None if not inherited
     pub inherited_secure_context: Option<bool>,
+    /// The inherited policy for upgrading insecure requests; None if not inherited.
+    pub inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
 
     /// Servo internal: if crash details are present, trigger a crash error page with these details.
     pub crash: Option<String>,
@@ -187,6 +189,7 @@ impl LoadData {
         referrer: Referrer,
         referrer_policy: ReferrerPolicy,
         inherited_secure_context: Option<bool>,
+        inherited_insecure_requests_policy: Option<InsecureRequestsPolicy>,
     ) -> LoadData {
         LoadData {
             load_origin,
@@ -201,6 +204,7 @@ impl LoadData {
             srcdoc: "".to_string(),
             inherited_secure_context,
             crash: None,
+            inherited_insecure_requests_policy,
         }
     }
 }

components/webdriver_server/lib.rs

@@ -669,6 +669,7 @@ impl Handler {
             Referrer::NoReferrer,
             ReferrerPolicy::EmptyString,
             None,
+            None,
         );
         let cmd_msg = WebDriverCommandMsg::LoadUrl(
             top_level_browsing_context_id,

tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/fetch.https.html.ini

@@ -1,18 +0,0 @@
-[fetch.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/img-tag.https.html.ini

@@ -1,18 +0,0 @@
-[img-tag.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-classic.https.html.ini

@@ -1,9 +0,0 @@
-[worker-classic.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/worker-module.https.html.ini

@@ -1,9 +0,0 @@
-[worker-module.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/iframe-blank-inherit.meta/upgrade/xhr.https.html.ini

@@ -1,18 +0,0 @@
-[xhr.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/fetch.https.html.ini

@@ -1,18 +0,0 @@
-[fetch.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/img-tag.https.html.ini

@@ -1,18 +0,0 @@
-[img-tag.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-classic.https.html.ini

@@ -1,9 +0,0 @@
-[worker-classic.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/worker-module.https.html.ini

@@ -1,9 +0,0 @@
-[worker-module.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/srcdoc-inherit.meta/upgrade/xhr.https.html.ini

@@ -1,18 +0,0 @@
-[xhr.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/fetch.https.html.ini

@@ -1,18 +0,0 @@
-[fetch.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/img-tag.https.html.ini

@@ -1,18 +0,0 @@
-[img-tag.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-classic.https.html.ini

@@ -1,9 +0,0 @@
-[worker-classic.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/worker-module.https.html.ini

@@ -1,9 +0,0 @@
-[worker-module.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.http-rp/upgrade/xhr.https.html.ini

@@ -1,18 +0,0 @@
-[xhr.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/fetch.https.html.ini

@@ -1,18 +0,0 @@
-[fetch.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/img-tag.https.html.ini

@@ -1,18 +0,0 @@
-[img-tag.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for img-tag to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-classic.https.html.ini

@@ -1,9 +0,0 @@
-[worker-classic.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-classic to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/worker-module.https.html.ini

@@ -1,9 +0,0 @@
-[worker-module.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for worker-module to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/top.meta/upgrade/xhr.https.html.ini

@@ -1,18 +0,0 @@
-[xhr.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/fetch.https.html.ini

@@ -1,18 +0,0 @@
-[fetch.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for fetch to same-https origin and downgrade redirection from https context.]
-    expected: FAIL

tests/wpt/meta/upgrade-insecure-requests/gen/worker-classic-data.meta/upgrade/xhr.https.html.ini

@@ -1,18 +0,0 @@
-[xhr.https.html]
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to cross-https origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and downgrade redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-http-downgrade origin and no-redirect redirection from https context.]
-    expected: FAIL
-
-  [Upgrade-Insecure-Requests: Expects allowed for xhr to same-https origin and downgrade redirection from https context.]
-    expected: FAIL