Update web-platform-tests to revision 3137d1d2d7757366a69f8a449b458b5057e0e81e

tests/wpt/web-platform-tests/upgrade-insecure-requests/iframe-redirect-upgrade.https.html

@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Upgrade Insecure Requests: IFrames.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+</head>
+<body>
+<script>
+var tests = [
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.FRAME)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.FRAME)),
+];
+
+tests.forEach(test => {
+  async_test(t => assert_frame_loads(t, test.url), test.name);
+});
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/iframe-upgrade.https.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Upgrade Insecure Requests: IFrames.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+</head>
+<body>
+<script>
+var tests = [
+  generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.FRAME),
+  generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.FRAME),
+  generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.FRAME),
+  generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.FRAME),
+];
+
+tests.forEach(test => {
+  async_test(t => assert_frame_loads(t, test.url), test.name);
+});
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/image-redirect-upgrade.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Upgrade Insecure Requests: Redirected Images.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+</head>
+<body>
+<script>
+var tests = [
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.SAME_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.INSECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE)),
+  generateRedirect(Host.CROSS_ORIGIN, Protocol.SECURE, generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.IMAGE)),
+];
+
+tests.forEach(test => {
+  async_test(t => assert_image_loads(t, test.url, 64, 168), test.name);
+  async_test(t => assert_image_loads_in_srcdoc(t, test.url, 64, 168), test.name + " in <iframe srcdoc>");
+  async_test(t => assert_image_loads_in_blank(t, test.url, 64, 168), test.name + " in <iframe>");
+});
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/image-upgrade.https.html

@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Upgrade Insecure Requests: Images.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+</head>
+<body>
+<script>
+var tests = [
+  generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE),
+  generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.IMAGE),
+  generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.IMAGE),
+  generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.IMAGE),
+];
+
+tests.forEach(test => {
+  async_test(t => assert_image_loads(t, test.url, 64, 168), test.name);
+  async_test(t => assert_image_loads_in_srcdoc(t, test.url, 64, 168), test.name + " in <iframe srcdoc>");
+  async_test(t => assert_image_loads_in_blank(t, test.url, 64, 168), test.name + " in <iframe>");
+});
+</script>
+</body>
+</html>

tests/wpt/web-platform-tests/upgrade-insecure-requests/support/post-origin-to-parent.html

@@ -0,0 +1,3 @@
+<script>
+  parent.postMessage(window.location.origin, '*');
+</script>

tests/wpt/web-platform-tests/upgrade-insecure-requests/support/testharness-helper.sub.js

@@ -0,0 +1,115 @@
+const Host = {
+  SAME_ORIGIN: "same-origin",
+  CROSS_ORIGIN: "cross-origin",
+};
+
+const Protocol = {
+  INSECURE: "insecure",
+  SECURE: "secure",
+};
+
+const ResourceType = {
+  IMAGE: "image",
+  FRAME: "frame",
+  WEBSOCKET: "websocket",
+};
+
+// These tests rely on some unintuitive cleverness due to WPT's test setup:
+// 'Upgrade-Insecure-Requests' does not upgrade the port number, so we use URLs
+// in the form `http://[domain]:[https-port]`. If the upgrade fails, the load will fail,
+// as we don't serve HTTP over the secure port.
+function generateURL(host, protocol, resourceType) {
+  var url = new URL("http://{{host}}:{{ports[https][0]}}/upgrade-insecure-requests/support/");
+  url.protocol = protocol == Protocol.INSECURE ? "http" : "https";
+  url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気の良い日]}}";
+
+  if (resourceType == ResourceType.IMAGE) {
+    url.pathname += "pass.png";
+  } else if (resourceType == ResourceType.FRAME) {
+    url.pathname += "post-origin-to-parent.html";
+  } else if (resourceType == ResourceType.WEBSOCKET) {
+    url.port = {{ports[wss][0]}};
+    url.protocol = protocol == Protocol.INSECURE ? "ws" : "wss";
+    url.pathname = "echo";
+  }
+  return {
+    name: protocol + "/" + host + " "  + resourceType,
+    url: url.toString()
+  };
+}
+
+function generateRedirect(host, protocol, target) {
+  var url = "http://{{host}}:{{ports[https][0]}}/common/redirect.py?location=" + encodeURIComponent(target.url);
+  url.protocol = protocol == Protocol.INSECURE ? "http" : "https";
+  url.hostname = host == Host.SAME_ORIGIN ? "{{host}}" : "{{domains[天気の良い日]}}";
+  return {
+    name: protocol + "/" + host + " => " + target.name,
+    url: url.toString()
+  };
+}
+
+function assert_image_loads(test, url, height, width) {
+  var i = document.createElement('img');
+  i.onload = test.step_func_done(_ => {
+    assert_equals(i.naturalHeight, height, "Height.");
+    assert_equals(i.naturalWidth, width, "Width.");
+  });
+  i.onerror = test.unreached_func(url + " should load successfully.");
+  i.src = url;
+}
+
+function assert_image_loads_in_srcdoc(test, url, height, width) {
+  var frame = document.createElement('iframe');
+  frame.srcdoc = "yay!";
+  frame.onload = _ => {
+    var i = frame.contentDocument.createElement('img');
+    i.onload = test.step_func_done(_ => {
+      assert_equals(i.naturalHeight, height, "Height.");
+      assert_equals(i.naturalWidth, width, "Width.");
+      frame.remove();
+    });
+    i.onerror = test.unreached_func(url + " should load successfully.");
+    i.src = url;
+  };
+
+  document.body.appendChild(frame);
+}
+
+function assert_image_loads_in_blank(test, url, height, width) {
+  var frame = document.createElement('iframe');
+  frame.onload = _ => {
+    var i = frame.contentDocument.createElement('img');
+    i.onload = test.step_func_done(_ => {
+      assert_equals(i.naturalHeight, height, "Height.");
+      assert_equals(i.naturalWidth, width, "Width.");
+      frame.remove();
+    });
+    i.onerror = test.unreached_func(url + " should load successfully.");
+    i.src = url;
+  };
+
+  document.body.appendChild(frame);
+}
+
+function assert_frame_loads(test, url) {
+  var i = document.createElement('iframe');
+
+  window.addEventListener('message', test.step_func(e => {
+    if (e.source == i.contentWindow) {
+      i.remove();
+      test.done();
+    }
+  }));
+
+  i.src = url;
+  document.body.appendChild(i);
+}
+
+function assert_websocket_loads(test, url) {
+  var w = new WebSocket(url, "echo");
+  w.onopen = test.step_func(_ => {
+    w.onclose = test.step_func_done();
+    w.close();
+  });
+  w.onclose = test.unreached_func("WebSocket should not close before open is called.");
+}

tests/wpt/web-platform-tests/upgrade-insecure-requests/websocket-upgrade.https.html

@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Upgrade Insecure Requests: WebSockets.</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="./support/testharness-helper.sub.js"></script>
+
+<meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
+</head>
+<body>
+<script>
+var tests = [
+  generateURL(Host.SAME_ORIGIN, Protocol.INSECURE, ResourceType.WEBSOCKET),
+  generateURL(Host.SAME_ORIGIN, Protocol.SECURE, ResourceType.WEBSOCKET),
+  generateURL(Host.CROSS_ORIGIN, Protocol.INSECURE, ResourceType.WEBSOCKET),
+  generateURL(Host.CROSS_ORIGIN, Protocol.SECURE, ResourceType.WEBSOCKET),
+];
+
+tests.forEach(test => {
+  async_test(t => assert_websocket_loads(t, test.url), test.name);
+});
+</script>
+</body>
+</html>