Fetch Metadata: Add a test for <embed> navigated after loading.

@annevk noted in whatwg/fetch#948 (comment) that it was possible to navigate an `<embed>` after it loads. In this case, it seems safest to ensure that this navigation shows up with a destination of `embed` and a mode of `no-cors`. That seems to be what we're sending today via Fetch Metadata, so let's lock it in via this patch's tests. I suspect it's not what the underlying `fetch()` API would show in a service worker, but we can deal with that in a separate patch. Bug: 1011763 Change-Id: I0156b2b1b467c914b15f6af50dfa37ce74db6c62 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1844996 Commit-Queue: Mike West <[email protected]> Reviewed-by: Daniel Vogelheim <[email protected]> Cr-Commit-Position: refs/heads/master@{#705518}
web-platform-tests · Oct 16, 2019 · 5afa7f6 · 5afa7f6
1 parent 3b1798b
commit 5afa7f6
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 58 deletions.
diff --git a/fetch/metadata/embed.tentative.https.sub.html b/fetch/metadata/embed.tentative.https.sub.html
@@ -7,62 +7,52 @@
 <script src=/common/utils.js></script>
 <body>
 <script>
-  let nonce = token();
-
-  promise_test(t => {
-    return new Promise((resolve, reject) => {
-      let key = "embed-same-origin" + nonce;
-
-      let e = document.createElement('embed');
-      e.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
-      e.onload = e => {
-        let expected = {"site":"same-origin", "user":"", "mode":"no-cors"};
-        fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected))
-          .then(_ => resolve())
-          .catch(e => reject(e));
-      };
-
-      document.body.appendChild(e);
-    })
-  }, "Same-Origin embed");
-
-  promise_test(t => {
-    return new Promise((resolve, reject) => {
-      let key = "embed-same-site" + nonce;
-
-      let e = document.createElement('embed');
-      e.src = "https://{{hosts[][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
-      e.onload = e => {
-        let expected = {"site":"same-site", "user":"", "mode":"no-cors"};
-        fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected))
-          .then(_ => resolve())
-          .catch(e => reject(e));
-      };
-
-      document.body.appendChild(e);
-    })
-  }, "Same-Site embed");
-
-  promise_test(t => {
-    return new Promise((resolve, reject) => {
-      let key = "embed-cross-site" + nonce;
-
-      let e = document.createElement('embed');
-      e.src = "https://{{hosts[alt][www]}}:{{ports[https][0]}}/fetch/metadata/resources/record-header.py?file=" + key;
-      e.onload = e => {
-        let expected = {"site":"cross-site", "user":"", "mode":"no-cors"};
-        fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
-          .then(response => response.text())
-          .then(text => assert_header_equals(text, expected))
-          .then(_ => resolve())
-          .catch(e => reject(e));
-      };
-
-      document.body.appendChild(e);
-    })
-  }, "Cross-Site embed");
+  const nonce = token();
+
+  const origins = {
+    "same-origin": "https://{{host}}:{{ports[https][0]}}",
+    "same-site":   "https://{{hosts[][www]}}:{{ports[https][0]}}",
+    "cross-site":  "https://{{hosts[alt][www]}}:{{ports[https][0]}}",
+  };
+
+  for (let site in origins) {
+    promise_test(t => {
+      return new Promise((resolve, reject) => {
+        let key = "embed-" + site + "-" + nonce;
+
+        let el = document.createElement('embed');
+        el.src = origins[site] + "/fetch/metadata/resources/record-header.py?file=" + key;
+        el.onload = _ => {
+          let expected = {"dest": "embed", "site": site, "user": "", "mode":"no-cors"};
+          validate_expectations(key, expected, site + " embed")
+            .then(resolve)
+            .catch(reject);
+        };
+
+        document.body.appendChild(el);
+      })
+    }, "Wrapper: " + site + " embed");
+
+    promise_test(t => {
+      return new Promise((resolve, reject) => {
+        let key = "post-embed-" + site + "-" + nonce;
+
+        let el = document.createElement('embed');
+        el.src = "/common/blank.html";
+        el.addEventListener("load", _ => {
+          el.addEventListener("load", _ => {
+            let expected = {"dest": "embed", "site": site, "user":"", "mode":"no-cors"};
+            validate_expectations(key, expected, "Navigate to " + site + " embed")
+              .then(resolve)
+              .catch(reject);
+          }, { once: true });
+
+          // Navigate the existing `<embed>`
+          window.frames[window.length - 1].location = origins[site] + "/fetch/metadata/resources/record-header.py?file=" + key;
+        }, { once: true });
+
+        document.body.appendChild(el);
+      })
+    }, "Wrapper: Navigate to " + site + " embed");
+  }
 </script>
diff --git a/fetch/metadata/resources/helper.js b/fetch/metadata/resources/helper.js
@@ -2,6 +2,19 @@ function wrap_by_tag(tag, text) {
   return tag ? `${tag}: ${text}`: text;
 }
 
+function validate_expectations(key, expected, tag) {
+  return fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=" + key)
+    .then(response => response.text())
+    .then(text => {
+      assert_not_equals(text, "No header has been recorded");
+      let value = JSON.parse(text);
+      test(t => assert_equals(value.dest, expected.dest), `${tag}: sec-fetch-dest`);
+      test(t => assert_equals(value.mode, expected.mode), `${tag}: sec-fetch-mode`);
+      test(t => assert_equals(value.site, expected.site), `${tag}: sec-fetch-site`);
+      test(t => assert_equals(value.user, expected.user), `${tag}: sec-fetch-user`);
+    });
+};
+
 /**
  * @param {object} value
  * @param {object} expected