Update web-platform-tests to revision ddfc95cf0493ae147a4f6a4d7be8eff1a0c23098

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade.sub.https.html

@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html>
+
+  <head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+
+  <body>
+    <script>
+      const test_data = [
+        {
+          url : './link-upgrade/basic-link-no-upgrade.sub.html',
+          done_message : 'basic-link-no-upgrade',
+        },
+        {
+          url : './link-upgrade/basic-link-upgrade.sub.html',
+          done_message : 'basic-link-upgrade',
+        },
+        {
+          url : './link-upgrade/iframe-link-upgrade.sub.html',
+          done_message : 'iframe-link-upgrade',
+        },
+        {
+          url : './link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html',
+          done_message : 'iframe-top-navigation-no-upgrade-1',
+        },
+        {
+          url : './link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html',
+          done_message : 'iframe-top-navigation-no-upgrade-2',
+        },
+        {
+          url : './link-upgrade/iframe-top-navigation-upgrade-1.sub.html',
+          done_message : 'iframe-top-navigation-upgrade-1',
+        },
+        {
+          url : './link-upgrade/iframe-top-navigation-upgrade-2.sub.html',
+          done_message : 'iframe-top-navigation-upgrade-2',
+        },
+        {
+          url : './link-upgrade/iframe-top-navigation-upgrade-meta.sub.html',
+          done_message : 'iframe-top-navigation-upgrade-meta',
+        },
+      ];
+      for(let i = 0; i<test_data.length; i+=1) {
+        let data = test_data[i];
+        let test = async_test(data.url);
+        test.step(function() {
+          let w = window.open(data.url, data.url);
+          this.add_cleanup(() => w.close());
+          assert_true(w != undefined, "Popup must not be blocked");
+
+          window.addEventListener("message", event => {
+            if (event.data == data.done_message)
+              test.done();
+          });
+        });
+
+        test.step_timeout(function(){test.force_timeout()}, 5000);
+      }
+    </script>
+  </body>
+
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html

@@ -0,0 +1,19 @@
+<html>
+  <title>Upgrade Insecure Requests: link no upgrade.</title>
+  <head>
+    <script>
+      function click() {
+        document.getElementById("link").click();
+      }
+    </script>
+  </head>
+  <body onload="click()">
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if
+    the url is upgraded, the url becomes invalid (https over the http port).
+    The expected behavior is that the url is not upgraded and the page loads.
+    -->
+    <a id="link"
+      href="http://{{domains[www]}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-no-upgrade"> Click me </a>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/basic-link-no-upgrade.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html

@@ -0,0 +1,19 @@
+<html>
+  <title>Upgrade Insecure Requests: link upgrade.</title>
+  <head>
+    <script>
+      function click() {
+        document.getElementById("link").click();
+      }
+    </script>
+  </head>
+  <body onload="click()">
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
+    specify this non-existent URL ('http' over https port). If UPGRADE doesn't
+    work, it won't load. The expected behavior is that the url is upgraded and
+    the page loads.
+    -->
+    <a id="link" href="http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html?message=basic-link-upgrade"> Click me </a>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/basic-link-upgrade.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html

@@ -0,0 +1,11 @@
+<!--
+  This document has set "Content-Security-Policy: upgrade-insecure-requests". It
+  contains an iframe. This iframe clicks on a link to the same host. The link
+  must be upgraded.
+
+  This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if
+  the url is not upgraded, the url is invalid (http over the https port).
+  The expected behavior is that the url is upgraded and the page loads.
+-->
+<iframe src= "./resources/click-on-link.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-link-upgrade">
+</iframe>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-link-upgrade.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html

@@ -0,0 +1,16 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title>
+  </head>
+  <body>
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the
+    url is upgraded, the url becomes invalid (https over the http port). The
+    expected behavior is that the url is not upgraded and the page loads.
+    -->
+    <iframe
+      sandbox="allow-scripts allow-top-navigation"
+      src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{domains[www]}}:{{ports[http][1]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-1"
+    ></iframe>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-1.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-no-upgrade-2.sub.html

@@ -0,0 +1,16 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (no upgrade expected)</title>
+  </head>
+  <body>
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number. So if the
+    url is upgraded, the url becomes invalid (https over the http port). The
+    expected behavior is that the url is not upgraded and the page loads.
+    -->
+    <iframe
+      sandbox="allow-scripts allow-top-navigation"
+      src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{host}}:{{ports[http][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-no-upgrade-2"
+    ></iframe>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html

@@ -0,0 +1,17 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
+  </head>
+  <body>
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
+    specify this non-existent URL ('http' over https port). If UPGRADE doesn't
+    work, it won't load. The expected behavior is that the url is upgraded and
+    the page loads.
+    -->
+    <iframe
+      sandbox="allow-scripts allow-top-navigation"
+      src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-1"
+    ></iframe>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-1.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html

@@ -0,0 +1,17 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
+  </head>
+  <body>
+    <!--
+    This is a bit of a hack. UPGRADE doesn't upgrade the port number, so we
+    specify this non-existent URL ('http' over https port). If UPGRADE doesn't
+    work, it won't load. The expected behavior is that the url is upgraded and
+    the page loads.
+    -->
+    <iframe
+      sandbox="allow-scripts allow-top-navigation"
+      src="https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html?url=http://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-2"
+    ></iframe>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-2.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/iframe-top-navigation-upgrade-meta.sub.html

@@ -0,0 +1,31 @@
+<html>
+  <head>
+    <title>Upgrade Insecure Requests: top-frame navigation inside iframe (upgrade expected)</title>
+    <script>
+      function iframe_onload() {
+        var iframe = document.getElementsByTagName("iframe")[0];
+        iframe.onload = null;
+
+        // Enable upgrade-insecure-requests dynamically.
+        var meta = document.createElement('meta');
+        meta.httpEquiv = "Content-Security-Policy";
+        meta.content = "upgrade-insecure-requests";
+        document.getElementsByTagName('head')[0].appendChild(meta);
+
+        // This is a bit of a hack. UPGRADE doesn't upgrade the port number,
+        // so we specify this non-existent URL ('http' over port https port). If
+        // UPGRADE doesn't work, it won't load. The expected behavior is that
+        // the url is upgraded and the page loads.
+        iframe.src =
+          "https://{{domains[www]}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html?url=http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html%3Fmessage=iframe-top-navigation-upgrade-meta"
+      }
+    </script>
+  </head>
+  <body>
+    <iframe
+      sandbox = "allow-scripts allow-top-navigation"
+      src = "./resources/dummy.html"
+      onload = "iframe_onload()"
+    ></iframe>
+  </body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/click-on-link.sub.html

@@ -0,0 +1,10 @@
+<body>
+  coucou
+  <a href="{{GET[url]}}">Click me</a>
+</body>
+
+<script>
+  window.addEventListener("load", function() {
+    document.getElementsByTagName("a")[0].click();
+ })
+</script>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/dummy.html

@@ -0,0 +1 @@
+I am not an interesting file...

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html

@@ -0,0 +1,5 @@
+<script>
+  window.addEventListener("load", function() {
+    window.top.location.href = "{{GET[url]}}";
+  })
+</script>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame-upgrade.sub.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: upgrade-insecure-requests

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/navigate-top-frame.sub.html

@@ -0,0 +1,5 @@
+<script>
+  window.addEventListener("load", function() {
+    window.top.location.href = "{{GET[url]}}";
+  })
+</script>

tests/wpt/web-platform-tests/upgrade-insecure-requests/link-upgrade/resources/post-message-to-opener.sub.html

@@ -0,0 +1,3 @@
+<script>
+  top.opener.postMessage("{{GET[message]}}", "*");
+</script>