Upstream service worker `fetch` test to WPT

third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html

Index: third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
similarity index 16%
rename from third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html
rename to third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
index de93c03ba9ebd7bfc2bd5c51615a94620439f713..0110892eebb4d8b297813eb1d56a2ba3364c080f 100644
--- a/third_party/WebKit/LayoutTests/http/tests/serviceworker/fetch-response-taint.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-response-taint.https.html
@@ -1,59 +1,104 @@
 <!DOCTYPE html>
 <title>Service Worker: Tainting of responses fetched via SW.</title>
-<script src="../resources/testharness.js"></script>
-<script src="../resources/testharnessreport.js"></script>
-<script src="../resources/get-host-info.js?pipe=sub"></script>
-<script src="resources/test-helpers.js"></script>
+<!-- This test makes a large number of requests sequentially. -->
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="resources/test-helpers.sub.js"></script>
 <body>
 <script>
 var host_info = get_host_info();
-var BASE_ORIGIN = host_info.HTTP_ORIGIN;
-var OTHER_ORIGIN = host_info.HTTP_REMOTE_ORIGIN;
+var BASE_ORIGIN = host_info.HTTPS_ORIGIN;
+var OTHER_ORIGIN = host_info.HTTPS_REMOTE_ORIGIN;
 var BASE_URL = BASE_ORIGIN + base_path() +
-               'resources/fetch-access-control.php?';
+               'resources/fetch-access-control.py?';
 var OTHER_BASE_URL = OTHER_ORIGIN + base_path() +
-                     'resources/fetch-access-control.php?';
+                     'resources/fetch-access-control.py?';
 
 function frame_fetch(frame, url, mode, credentials) {
-  return frame.contentWindow.fetch(
-      new Request(url, {mode: mode, credentials: credentials}));
+  var foreignPromise = frame.contentWindow.fetch(
+      new Request(url, {mode: mode, credentials: credentials}))
+
+  // Event loops should be shared between contexts of similar origin, not all
+  // browsers adhere to this expectation at the time of this writing. Incorrect
+  // behavior in this regard can interfere with test execution when the
+  // provided iframe is removed from the document.
+  //
+  // WPT maintains a test dedicated the expected treatment of event loops, so
+  // the following workaround is acceptable in this context.
+  return Promise.resolve(foreignPromise);
 }
 
-function ng_test(frame, url, mode, credentials) {
-  return frame_fetch(frame, url, mode, credentials).then(
-      function() {
-        throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +
-                        '\" credentials:\"' + credentials + '\" should fail.');
-      },
-      function() {});
+var login_and_register;
+promise_test(function(t) {
+    var SCOPE = 'resources/fetch-response-taint-iframe.html';
+    var SCRIPT = 'resources/fetch-rewrite-worker.js';
+    var registration;
+
+    login_and_register = login_https(t, host_info.HTTPS_ORIGIN, host_info.HTTPS_REMOTE_ORIGIN)
+      .then(function() {
+          return service_worker_unregister_and_register(t, SCRIPT, SCOPE);
+        })
+      .then(function(r) {
+          registration = r;
+          return wait_for_state(t, registration.installing, 'activated');
+        })
+      .then(function() { return with_iframe(SCOPE); })
+      .then(function(f) {
+          // This test should not be considered complete until after the
+          // service worker has been unregistered. Currently, `testharness.js`
+          // does not support asynchronous global "tear down" logic, so this
+          // must be expressed using a dedicated `promise_test`. Because the
+          // other sub-tests in this file are declared synchronously, this
+          // test will be the final test executed.
+          promise_test(function(t) {
+              f.remove();
+              return registration.unregister();
+            }, 'restore global state');
+
+          return f;
+        });
+    return login_and_register;
+  }, 'initialize global state');
+
+function ng_test(url, mode, credentials) {
+  promise_test(function(t) {
+      return login_and_register
+        .then(function(frame) {
+            var fetchRequest = frame_fetch(frame, url, mode, credentials);
+            return promise_rejects(t, null, fetchRequest);
+          });
+    }, 'url:\"' + url + '\" mode:\"' + mode +
+       '\" credentials:\"' + credentials + '\" should fail.');
 }
 
-function ok_test(frame, url, mode, credentials, expected_type,
-                 expected_username) {
-  return frame_fetch(frame, url, mode, credentials)
-    .then(function(res) {
-        assert_equals(res.type, expected_type);
-        return res.text();
-      })
-    .then(function(text) {
-        if (expected_type == 'opaque') {
-          assert_equals(text, '');
-        } else {
-          return new Promise(function(resolve) {
-                var report = resolve;
-                // text must contain report() call.
-                eval(text);
-              })
-            .then(function(result) {
-                assert_equals(result.username, expected_username);
-              });
-        }
-      })
-    .catch(function(reason) {
-        throw new Error('fetching url:\"' + url + '\" mode:\"' + mode +
+function ok_test(url, mode, credentials, expected_type, expected_username) {
+  promise_test(function() {
+      return login_and_register.then(function(frame) {
+            return frame_fetch(frame, url, mode, credentials)
+          })
+        .then(function(res) {
+            assert_equals(res.type, expected_type, 'response type');
+            return res.text();
+          })
+        .then(function(text) {
+            if (expected_type == 'opaque') {
+              assert_equals(text, '');
+            } else {
+              return new Promise(function(resolve) {
+                    var report = resolve;
+                    // text must contain report() call.
+                    eval(text);
+                  })
+                .then(function(result) {
+                    assert_equals(result.username, expected_username);
+                  });
+            }
+          });
+    }, 'fetching url:\"' + url + '\" mode:\"' + mode +
                         '\" credentials:\"' + credentials + '\" should ' +
-                        'success. - ' + reason.message);
-      });
+                        'succeed.');
 }
 
 function build_rewrite_url(origin, url, mode, credentials) {
@@ -71,123 +116,102 @@ function for_each_origin_mode_credentials(callback) {
     });
 }
 
-promise_test(function(t) {
-    var SCOPE = 'resources/fetch-response-taint-iframe.html';
-    var SCRIPT = 'resources/fetch-rewrite-worker.js';
-    var frame = undefined;
+ok_test(BASE_URL, 'same-origin', 'omit', 'basic', 'undefined');
+ok_test(BASE_URL, 'same-origin', 'same-origin', 'basic', 'username2s');
+ok_test(BASE_URL, 'same-origin', 'include', 'basic', 'username2s');
+ok_test(BASE_URL, 'no-cors', 'omit', 'basic', 'undefined');
+ok_test(BASE_URL, 'no-cors', 'same-origin', 'basic', 'username2s');
+ok_test(BASE_URL, 'no-cors', 'include', 'basic', 'username2s');
+ok_test(BASE_URL, 'cors', 'omit', 'basic', 'undefined');
+ok_test(BASE_URL, 'cors', 'same-origin', 'basic', 'username2s');
+ok_test(BASE_URL, 'cors', 'include', 'basic', 'username2s');
+ng_test(OTHER_BASE_URL, 'same-origin', 'omit');
+ng_test(OTHER_BASE_URL, 'same-origin', 'same-origin');
+ng_test(OTHER_BASE_URL, 'same-origin', 'include');
+ok_test(OTHER_BASE_URL, 'no-cors', 'omit', 'opaque');
+ok_test(OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque');
+ok_test(OTHER_BASE_URL, 'no-cors', 'include', 'opaque');
+ng_test(OTHER_BASE_URL, 'cors', 'omit');
+ng_test(OTHER_BASE_URL, 'cors', 'same-origin');
+ng_test(OTHER_BASE_URL, 'cors', 'include');
+ok_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors', 'undefined');
+ok_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin', 'cors',
+        'undefined');
+ng_test(OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include');
+ok_test(OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN + '&ACACredentials=true',
+        'cors', 'include', 'cors', 'username1s')
 
-    return login(t, host_info.HTTP_ORIGIN, host_info.HTTP_REMOTE_ORIGIN)
-      .then(function() {
-          return service_worker_unregister_and_register(t, SCRIPT, SCOPE);
-        })
-      .then(function(registration) {
-          return wait_for_state(t, registration.installing, 'activated');
-        })
-      .then(function() { return with_iframe(SCOPE); })
-      .then(function(f) {
-          frame = f;
-          var promises = [
-            ok_test(f, BASE_URL, 'same-origin', 'omit', 'basic', 'undefined'),
-            ok_test(f, BASE_URL, 'same-origin', 'same-origin', 'basic',
-                    'username1'),
-            ok_test(f, BASE_URL, 'same-origin', 'include', 'basic',
-                    'username1'),
-            ok_test(f, BASE_URL, 'no-cors', 'omit', 'basic', 'undefined'),
-            ok_test(f, BASE_URL, 'no-cors', 'same-origin', 'basic',
-                    'username1'),
-            ok_test(f, BASE_URL, 'no-cors', 'include', 'basic', 'username1'),
-            ok_test(f, BASE_URL, 'cors', 'omit', 'basic', 'undefined'),
-            ok_test(f, BASE_URL, 'cors', 'same-origin', 'basic', 'username1'),
-            ok_test(f, BASE_URL, 'cors', 'include', 'basic', 'username1'),
-            ng_test(f, OTHER_BASE_URL, 'same-origin', 'omit'),
-            ng_test(f, OTHER_BASE_URL, 'same-origin', 'same-origin'),
-            ng_test(f, OTHER_BASE_URL, 'same-origin', 'include'),
-            ok_test(f, OTHER_BASE_URL, 'no-cors', 'omit', 'opaque'),
-            ok_test(f, OTHER_BASE_URL, 'no-cors', 'same-origin', 'opaque'),
-            ok_test(f, OTHER_BASE_URL, 'no-cors', 'include', 'opaque'),
-            ng_test(f, OTHER_BASE_URL, 'cors', 'omit'),
-            ng_test(f, OTHER_BASE_URL, 'cors', 'same-origin'),
-            ng_test(f, OTHER_BASE_URL, 'cors', 'include'),
-            ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit', 'cors',
-                    'undefined'),
-            ok_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'same-origin',
-                    'cors', 'undefined'),
-            ng_test(f, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'include'),
-            ok_test(f,
-                    OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
-                    '&ACACredentials=true',
-                    'cors', 'include', 'cors', 'username2')
-          ];
-
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin, BASE_URL, 'same-origin', 'omit');
-            // Fetch to the other origin with same-origin mode should fail.
-            if (origin == OTHER_ORIGIN && mode == 'same-origin')
-              return promises.push(ng_test(f, url, mode, credentials));
-            // The response type from the SW should be basic
-            promises.push(
-                ok_test(f, url, mode, credentials, 'basic', 'undefined'));
-          });
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin, BASE_URL, 'same-origin', 'omit');
+  // Fetch to the other origin with same-origin mode should fail.
+  if (origin == OTHER_ORIGIN && mode == 'same-origin') {
+    ng_test(url, mode, credentials);
+  } else {
+    // The response type from the SW should be basic
+    ok_test(url, mode, credentials, 'basic', 'undefined');
+  }
+});
 
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin, BASE_URL, 'same-origin', 'same-origin');
-            // Fetch to the other origin with same-origin mode should fail.
-            if (origin == OTHER_ORIGIN && mode == 'same-origin')
-              return promises.push(ng_test(f, url, mode, credentials));
-            // The response type from the SW should be basic.
-            promises.push(
-                ok_test(f, url, mode, credentials, 'basic', 'username1'));
-          });
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin, BASE_URL, 'same-origin', 'same-origin');
 
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin, OTHER_BASE_URL, 'same-origin', 'omit');
-            // The response from the SW should be an error.
-            promises.push(ng_test(f, url, mode, credentials));
-          });
+  // Fetch to the other origin with same-origin mode should fail.
+  if (origin == OTHER_ORIGIN && mode == 'same-origin') {
+    ng_test(url, mode, credentials);
+  // The response type from the SW should be basic.

[Marijn Kruisselbrink, 2017/05/05 17:32:42]

nit: in all the other similarly structured code you have the "else" comment
after the else line, but here you have it before?

[mike3, 2017/05/05 19:11:47]

Not sure why I did that. I'll move it for consistency.

+  } else {
+    ok_test(url, mode, credentials, 'basic', 'username2s');
+  }
+});
 
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin, OTHER_BASE_URL, 'no-cors', 'omit');
-            // SW can respond only to no-cors requests.
-            if (mode != 'no-cors')
-              return promises.push(ng_test(f, url, mode, credentials));
-            // The response type from the SW should be opaque.
-            promises.push(ok_test(f, url, mode, credentials, 'opaque'));
-          });
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin, OTHER_BASE_URL, 'same-origin', 'omit');
+  // The response from the SW should be an error.
+  ng_test(url, mode, credentials);
+});
 
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');
-            // Fetch to the other origin with same-origin mode should fail.
-            if (origin == OTHER_ORIGIN && mode == 'same-origin')
-              return promises.push(ng_test(f, url, mode, credentials));
-            // The response from the SW should be cors.
-            promises.push(
-                ok_test(f, url, mode, credentials, 'cors', 'undefined'));
-          });
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin, OTHER_BASE_URL, 'no-cors', 'omit');
 
-          for_each_origin_mode_credentials(function(origin, mode, credentials) {
-            var url = build_rewrite_url(
-                origin,
-                OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
-                '&ACACredentials=true',
-                'cors', 'include');
-            // Fetch to the other origin with same-origin mode should fail.
-            if (origin == OTHER_ORIGIN && mode == 'same-origin')
-              return promises.push(ng_test(f, url, mode, credentials));
-            // The response from the SW should be cors.
-            promises.push(
-                ok_test(f, url, mode, credentials, 'cors', 'username2'));
-          });
-          return Promise.all(promises);
-        })
-      .then(function(f) {
-          frame.remove()
-        })
-      .catch(unreached_rejection(t));
-  }, 'Verify the tainting of responses fetched via SW');
+  // SW can respond only to no-cors requests.
+  if (mode != 'no-cors') {
+    ng_test(url, mode, credentials);
+  } else {
+    // The response type from the SW should be opaque.
+    ok_test(url, mode, credentials, 'opaque');
+  }
+});
+
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin, OTHER_BASE_URL + 'ACAOrigin=*', 'cors', 'omit');
+
+  // Fetch to the other origin with same-origin mode should fail.
+  if (origin == OTHER_ORIGIN && mode == 'same-origin') {
+    ng_test(url, mode, credentials);
+  } else {
+    // The response from the SW should be cors.
+    ok_test(url, mode, credentials, 'cors', 'undefined');
+  }
+});
+
+for_each_origin_mode_credentials(function(origin, mode, credentials) {
+  var url = build_rewrite_url(
+      origin,
+      OTHER_BASE_URL + 'ACAOrigin=' + BASE_ORIGIN +
+      '&ACACredentials=true',
+      'cors', 'include');
+  // Fetch to the other origin with same-origin mode should fail.
+  if (origin == OTHER_ORIGIN && mode == 'same-origin') {
+    ng_test(url, mode, credentials);
+  } else {
+    // The response from the SW should be cors.
+    ok_test(url, mode, credentials, 'cors', 'username1s');
+  }
+});
 </script>
 </body>