Update web-platform-tests to revision cf261625e2d230ab219eec966f4abe26e3401b64

tests/wpt/web-platform-tests/fetch/origin/no-cors.any.js

@@ -0,0 +1,20 @@
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+
+promise_test(async function() {
+  const stash = token(),
+        origins = get_host_info(),
+        redirectPath = "/fetch/origin/resources/redirect-and-stash.py";
+
+  // Cross-origin -> same-origin will result in setting the tainted origin flag for the second
+  // request.
+  let url = origins.HTTP_ORIGIN + redirectPath + "?stash=" + stash;
+  url = origins.HTTP_REMOTE_ORIGIN + redirectPath + "?stash=" + stash + "&location=" + encodeURIComponent(url);
+
+  await fetch(url, { mode: "no-cors", method: "POST" });
+
+  const json = await (await fetch(redirectPath + "?dump&stash=" + stash)).json();
+
+  assert_equals(json[0], origins.HTTP_ORIGIN, "first origin should equal this origin");
+  assert_equals(json[1], "null", "second origin should be opaque and therefore null");
+}, "Origin header and 308 redirect");

tests/wpt/web-platform-tests/fetch/origin/resources/redirect-and-stash.py

@@ -0,0 +1,29 @@
+import json
+
+def main(request, response):
+    key = request.GET.first("stash")
+    origin = request.headers.get("origin")
+    if origin is None:
+        origin = "no Origin header"
+
+    origin_list = request.server.stash.take(key)
+
+    if "dump" in request.GET:
+        response.headers.set("content-Type", "application/json")
+        response.content = json.dumps(origin_list)
+        return
+
+    if origin_list is None:
+        origin_list = [origin]
+    else:
+        origin_list.append(origin)
+
+    request.server.stash.put(key, origin_list)
+
+    if "location" in request.GET:
+        response.status = 308
+        response.headers.set("Location", request.GET.first("location"))
+        return
+
+    response.headers.set("content-Type", "text/plain")
+    response.content = "Fix https://github.com/whatwg/fetch/issues/737..."