Bug 1774540 [wpt PR 34462] - Fix up wpt/preload, a=testonly

Automatic update from web-platform-tests
Fix up wpt/preload

 - Some tests in wpt/preload use Resource Timing entries to make sure
   that no requests are made. We're changing that (Resource Timing
   entries should be created even when blocked by CSP - see
   whatwg/fetch#1215). Stop using
   Resource Timing entries and check that with server side scripts.
 - http/tests/preload/preload-csp.html is covered by some WPTs. Let's
   remove it.

Change-Id: I3c2cdfa2459d212657be7569c5290c48b39d6f05
Bug: 1275564
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3708287
Reviewed-by: Yoav Weiss <[email protected]>
Commit-Queue: Yutaka Hirano <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1019490}

--

wpt-commits: ba22f229dfafa51c637aa02957f8b9f330f1cfa3
wpt-pr: 34462

Author: yutakahirano

testing/web-platform/tests/preload/dynamic-adding-preload-nonce.html

@@ -1,39 +1,50 @@
 <!DOCTYPE html>
 <script nonce="abc" src="/resources/testharness.js"></script>
 <script nonce="abc" src="/resources/testharnessreport.js"></script>
+<script nonce="abc" src="/common/utils.js"></script>
 <script nonce="abc" src="/preload/resources/preload_helper.js"></script>
 <body>
 <script nonce="abc">
 
-async_test(function(t) {
-    verifyPreloadAndRTSupport();
-    var link = document.createElement("link");
-    link.as = "script";
-    link.rel = "preload";
-    link.href = "resources/dummy.js?with-nonce";
-    link.nonce = "abc";
-    link.onload = link.onerror = t.step_func(function() {
-        t.step_timeout(function() {
-            verifyNumberOfResourceTimingEntries("resources/dummy.js?with-nonce", 1);
-            t.done();
-        }, 0);
-    });
-    document.body.appendChild(link);
+promise_test(async (t) => {
+  verifyPreloadAndRTSupport();
+  const id = token();
+  const link = document.createElement("link");
+  link.as = "script";
+  link.rel = "preload";
+  link.href = stashPutUrl(id);
+  link.nonce = "abc";
+
+  const load = new Promise((resolve) => {
+    link.onload = resolve;
+  });
+  link.onerror = t.unreached_func("link.onerror");
+
+  document.body.appendChild(link);
+  await load;
+
+  const arrived = await hasArrivedAtServer(id);
+  assert_true(arrived, "The preload should've arrived at the server.");
 }, "link preload with nonce attribute");
 
-async_test(function(t) {
-    verifyPreloadAndRTSupport();
-    var link = document.createElement("link");
-    link.as = "script";
-    link.rel = "preload";
-    link.href = "resources/dummy.js?without-nonce";
-    link.onload = link.onerror = t.step_func(function() {
-        t.step_timeout(function() {
-            verifyNumberOfResourceTimingEntries("resources/dummy.js?without-nonce", 0);
-            t.done();
-        }, 0);
-    });
-    document.body.appendChild(link);
+promise_test(async (t) => {
+  verifyPreloadAndRTSupport();
+  const id = token();
+  const link = document.createElement("link");
+  link.as = "script";
+  link.rel = "preload";
+  link.href = stashPutUrl(id);
+
+  const error = new Promise((resolve) => {
+    link.onerror = resolve;
+  });
+  link.onload = t.unreached_func("link.onload");
+
+  document.body.appendChild(link);
+  await error;
+
+  const arrived = await hasArrivedAtServer(id);
+  assert_false(arrived, "The preload should've arrived at the server.");
 }, "link preload without nonce attribute");
 
 </script>

testing/web-platform/tests/preload/link-header-preload-nonce.html

@@ -1,33 +1,53 @@
 <!DOCTYPE html>
-<title>Makes sure that Link headers preload resources with CSP nonce</title>
-<script nonce="abc" src="/resources/testharness.js"></script>
-<script nonce="abc" src="/resources/testharnessreport.js"></script>
-<script nonce="abc" src="/preload/resources/preload_helper.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
+<script src="/preload/resources/preload_helper.js"></script>
 <body>
-<script nonce="abc">
-    setup({single_test: true});
+<script>
 
-    var iterations = 0;
+async_test(t => {
+  const id = token();
+  const pageUrl =
+    '/common/blank.html?pipe=' +
+    '|header(content-security-policy, script-src \'nonce-abc\')' +
+    `|header(link, <${encodedStashPutUrl(id)}>;rel=preload;as=script)`;
 
-    function check_finished() {
-        if (numberOfResourceTimingEntries("resources/dummy.js?from-header&without-nonce") == 0 &&
-            numberOfResourceTimingEntries("resources/dummy.js?from-header&with-nonce") == 1) {
-            done();
-        }
-        iterations++;
-        if (iterations == 10) {
-            // At least one is expected to fail, but this should give details to the exact failure(s).
-            verifyNumberOfResourceTimingEntries("resources/dummy.js?from-header&without-nonce", 0);
-            verifyNumberOfResourceTimingEntries("resources/dummy.js?from-header&with-nonce", 1);
-            done();
-        } else {
-            step_timeout(check_finished, 500);
-        }
+  const w = window.open(pageUrl);
+  t.add_cleanup(() => w.close());
+
+  step_timeout(async () => {
+    try {
+      const arrived = await hasArrivedAtServer(id);
+      assert_false(arrived, 'The preload should be blocked.');
+      t.done();
+    } catch (e) {
+      t.step(() => {throw e;});
+    }
+  }, 3000);
+}, 'without nonce');
+
+async_test(t => {
+  const id = token();
+  const pageUrl =
+    '/common/blank.html?pipe=' +
+    '|header(content-security-policy, script-src \'nonce-az\')' +
+    `|header(link, <${encodedStashPutUrl(id)}>;rel=preload;as=script;nonce=az)`;
+  const w = window.open(pageUrl);
+  t.add_cleanup(() => w.close());
+
+  // TODO: Use step_wait after
+  // https://github.com/web-platform-tests/wpt/pull/34289 is merged.
+  step_timeout(async () => {
+    try {
+      const arrived = await hasArrivedAtServer(id);
+      assert_true(arrived, 'The preload should have arrived at the server.');
+      t.done();
+    } catch (e) {
+      t.step(() => {throw e;});
     }
+  }, 3000);
+}, 'with nonce');
 
-    window.addEventListener("load", function() {
-        verifyPreloadAndRTSupport();
-        step_timeout(check_finished, 500);
-    });
 </script>
 </body>

testing/web-platform/tests/preload/link-header-preload-nonce.html.headers

@@ -1,55 +1,35 @@
 <!DOCTYPE html>
-<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none'; connect-src 'none'">
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; font-src 'none'; style-src 'none'; img-src 'none'; media-src 'none';">
 <title>Makes sure that preload requests respect CSP</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
+<script src="/common/utils.js"></script>
 <script src="/preload/resources/preload_helper.js"></script>
-<link rel=preload href="{{host}}:{{ports[http][1]}}/preload/resources/dummy.js" as=style>
-<link rel=preload href="resources/dummy.css" as=style>
-<link rel=preload href="resources/square.png" as=image>
-<link rel=preload href="/fonts/CanvasTest.ttf" as=font crossorigin>
-<link rel=preload href="resources/white.mp4" as=video>
-<link rel=preload href="resources/sound_5.oga" as=audio>
-<link rel=preload href="resources/foo.vtt" as=track>
-<link rel=preload href="resources/dummy.xml?foo=bar" as=foobarxmlthing>
-<link rel=preload href="resources/dummy.xml">
+<link rel=preload href="http://{{host}}:{{ports[http][1]}}/preload/resources/stash-put.py?key={{uuid()}}" as=style>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=style>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=image>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=font crossorigin>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=video>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=audio>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=track>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=foobarxmlthing>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}">
 <body>
 <script>
-    setup({single_test: true});
-
-    var iterations = 0;
-
-    function check_finished() {
-        if (numberOfResourceTimingEntries("{{host}}:{{ports[http][1]}}/preload/resources/dummy.js") == 0 &&
-            numberOfResourceTimingEntries("resources/dummy.css") == 0 &&
-            numberOfResourceTimingEntries("resources/square.png") == 0 &&
-            numberOfResourceTimingEntries("/fonts/CanvasTest.ttf") == 0 &&
-            numberOfResourceTimingEntries("resources/white.mp4") == 0 &&
-            numberOfResourceTimingEntries("resources/sound_5.oga") == 0 &&
-            numberOfResourceTimingEntries("resources/foo.vtt") == 0 &&
-            numberOfResourceTimingEntries("resources/dummy.xml") == 0) {
-            done();
-        }
-        iterations++;
-        if (iterations == 10) {
-            // At least one is expected to fail, but this should give details to the exact failure(s).
-            verifyNumberOfResourceTimingEntries("{{host}}:{{ports[http][1]}}/preload/resources/dummy.js", 0);
-            verifyNumberOfResourceTimingEntries("resources/dummy.css", 0);
-            verifyNumberOfResourceTimingEntries("resources/square.png", 0);
-            verifyNumberOfResourceTimingEntries("/fonts/CanvasTest.ttf", 0);
-            verifyNumberOfResourceTimingEntries("resources/white.mp4", 0);
-            verifyNumberOfResourceTimingEntries("resources/sound_5.oga", 0);
-            verifyNumberOfResourceTimingEntries("resources/foo.vtt", 0);
-            verifyNumberOfResourceTimingEntries("resources/dummy.xml", 0);
-            done();
-        } else {
-            step_timeout(check_finished, 500);
-        }
+promise_test(async (t) => {
+  verifyPreloadAndRTSupport();
+  const keys = [];
+  const links = document.querySelectorAll('link');
+  for (const link of links) {
+    if (link.rel === 'preload') {
+      const r = /\?key=([a-zA-Z0-9\-]+)$/;
+      keys.push(link.href.match(r)[1]);
     }
+  }
+  await new Promise((resolve) => step_timeout(resolve, 3000));
 
-    window.addEventListener("load", function() {
-        verifyPreloadAndRTSupport();
-        step_timeout(check_finished, 500);
-    });
+  for (const key of keys) {
+    assert_false(await hasArrivedAtServer(key));
+  }
+}, 'Preload requests are blocked by CSP.');
 </script>
-

testing/web-platform/tests/preload/preload-csp.sub.html

@@ -1,55 +1,35 @@
 <!DOCTYPE html>
-<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; default-src 'none'">
+<meta http-equiv="Content-Security-Policy" content="script-src 'self' 'unsafe-inline'; default-src 'none'; connect-src 'self';">
 <title>Makes sure that preload requests respect CSP</title>
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/preload/resources/preload_helper.js"></script>
-<link rel=preload href="{{host}}:{{ports[http][1]}}/preload/resources/dummy.js" as=style>
-<link rel=preload href="resources/dummy.css" as=style>
-<link rel=preload href="resources/square.png" as=image>
-<link rel=preload href="/fonts/CanvasTest.ttf" as=font crossorigin>
-<link rel=preload href="resources/white.mp4" as=video>
-<link rel=preload href="resources/sound_5.oga" as=audio>
-<link rel=preload href="resources/foo.vtt" as=track>
-<link rel=preload href="resources/dummy.xml?foo=bar" as=foobarxmlthing>
-<link rel=preload href="resources/dummy.xml">
+<link rel=preload href="http://{{host}}:{{ports[http][1]}}/preload/resources/stash-put.py?key={{uuid()}}" as=style>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=style>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=image>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=font crossorigin>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=video>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=audio>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=track>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}" as=foobarxmlthing>
+<link rel=preload href="/preload/resources/stash-put.py?key={{uuid()}}">
 <body>
 <script>
-    setup({single_test: true});
-
-    var iterations = 0;
-
-    function check_finished() {
-        if (numberOfResourceTimingEntries("{{host}}:{{ports[http][1]}}/preload/resources/dummy.js") == 0 &&
-            numberOfResourceTimingEntries("resources/dummy.css") == 0 &&
-            numberOfResourceTimingEntries("resources/square.png") == 0 &&
-            numberOfResourceTimingEntries("/fonts/CanvasTest.ttf") == 0 &&
-            numberOfResourceTimingEntries("resources/white.mp4") == 0 &&
-            numberOfResourceTimingEntries("resources/sound_5.oga") == 0 &&
-            numberOfResourceTimingEntries("resources/foo.vtt") == 0 &&
-            numberOfResourceTimingEntries("resources/dummy.xml") == 0) {
-            done();
-        }
-        iterations++;
-        if (iterations == 10) {
-            // At least one is expected to fail, but this should give details to the exact failure(s).
-            verifyNumberOfResourceTimingEntries("{{host}}:{{ports[http][1]}}/preload/resources/dummy.js", 0);
-            verifyNumberOfResourceTimingEntries("resources/dummy.css", 0);
-            verifyNumberOfResourceTimingEntries("resources/square.png", 0);
-            verifyNumberOfResourceTimingEntries("/fonts/CanvasTest.ttf", 0);
-            verifyNumberOfResourceTimingEntries("resources/white.mp4", 0);
-            verifyNumberOfResourceTimingEntries("resources/sound_5.oga", 0);
-            verifyNumberOfResourceTimingEntries("resources/foo.vtt", 0);
-            verifyNumberOfResourceTimingEntries("resources/dummy.xml", 0);
-            done();
-        } else {
-            step_timeout(check_finished, 500);
-        }
+promise_test(async (t) => {
+  verifyPreloadAndRTSupport();
+  const keys = [];
+  const links = document.querySelectorAll('link');
+  for (const link of links) {
+    if (link.rel === 'preload') {
+      const r = /\?key=([a-zA-Z0-9\-]+)$/;
+      keys.push(link.href.match(r)[1]);
     }
+  }
+  await new Promise((resolve) => step_timeout(resolve, 3000));
 
-    window.addEventListener("load", function() {
-        verifyPreloadAndRTSupport();
-        step_timeout(check_finished, 500);
-    });
+  for (const key of keys) {
+    assert_false(await hasArrivedAtServer(key));
+  }
+}, 'Preload requests are blocked by CSP ("default-src \'none\').');
 </script>