Google Git
Sign in
chromium / external / w3c / web-platform-tests / refs/heads/chromium-export-cl-5078187
commitdd77a1c4d82a751bd2ed70f90ce03de552c314ac[log] [tgz]
authorJeremy Roman <jbroman@chromium.org>Wed Dec 06 22:19:00 2023
committerChromium WPT Sync <blink-w3c-test-autoroller@chromium.org>Wed Dec 06 22:19:00 2023
treec10a4ea8db6aa2dd525bb17ad72662e8f5440dc9
parentb675788b7ffa130c95611124da4b4d964e46b23a [diff]
WPT tests for security features applied to speculation rules ruleset fetch

This adds WPT coverage for the fetch of the speculation rules
themselves (via the `Speculation-Rules` header). These are fairly
standard in how they work, but because these requests are currently
triggered only via a response header, they don't mesh very well with
the existing test harness for several reasons:

1. We need to make a new context to issue the request. A window
   works most naturally, since a UA might not bother fetching rules
   in a subframe).

   This has knock-on consequences, like the need to replicate the
   headers for the security features to this opened window, which
   is awkward because what these headers were isn't plumbed in yet
   and isn't easy to obtain from script.

2. Since this isn't requested via an element or script API, there
   is currently no explicit signal when this request has completed,
   successfully or otherwise. Instead, we poll the server to see
   when it has processed the request, timing out after some time
   if the request has not been seen (this is expected in the case
   that it is blocked).

   This has the potential to be flaky, though some steps are taken
   to mitigate this (and further ones could be, like using a longer
   or infinite timeout when the request should be allowed, but this
   requires plumbing the expected result deeper, which is awkward
   with the test generation machinery).

3. Since it is processed as a response header early in the
   lifecycle of the document, we can't rely on
   securitypolicyviolation events to be fired in that context with
   any determinism. In theory this could be worked around by having
   the server process violation reports but this has its own issues.
   Instead they're skipped here, but not in an elegant way.

Bug: 1507833
Change-Id: I3e5de39191241ebee592c8e9ea85e38f462e1d7c
25 files changed
tree: c10a4ea8db6aa2dd525bb17ad72662e8f5440dc9
  1. .github/
  2. .well-known/
  3. accelerometer/
  4. accessibility/
  5. accname/
  6. acid/
  7. ambient-light/
  8. animation-worklet/
  9. annotation-model/
  10. annotation-protocol/
  11. annotation-vocab/
  12. apng/
  13. appmanifest/
  14. attribution-reporting/
  15. audio-output/
  16. autoplay-policy-detection/
  17. avif/
  18. background-fetch/
  19. background-sync/
  20. badging/
  21. battery-status/
  22. beacon/
  23. bluetooth/
  24. browsing-topics/
  25. captured-mouse-events/
  26. clear-site-data/
  27. client-hints/
  28. clipboard-apis/
  29. close-watcher/
  30. common/
  31. compat/
  32. compression/
  33. compute-pressure/
  34. conformance-checkers/
  35. console/
  36. contacts/
  37. content-dpr/
  38. content-index/
  39. content-security-policy/
  40. contenteditable/
  41. cookie-deprecation-label/
  42. cookie-store/
  43. cookies/
  44. core-aam/
  45. cors/
  46. credential-management/
  47. css/
  48. custom-elements/
  49. custom-state-pseudo-class/
  50. delegated-ink/
  51. density-size-correction/
  52. deprecation-reporting/
  53. device-memory/
  54. direct-sockets/
  55. docs/
  56. document-picture-in-picture/
  57. document-policy/
  58. dom/
  59. domparsing/
  60. domxpath/
  61. dpub-aam/
  62. dpub-aria/
  63. ecmascript/
  64. editing/
  65. element-timing/
  66. encoding/
  67. encoding-detection/
  68. encrypted-media/
  69. entries-api/
  70. event-timing/
  71. eventsource/
  72. eyedropper/
  73. feature-policy/
  74. fenced-frame/
  75. fetch/
  76. file-system-access/
  77. FileAPI/
  78. fledge/
  79. focus/
  80. font-access/
  81. fonts/
  82. forced-colors-mode/
  83. fs/
  84. fullscreen/
  85. gamepad/
  86. generic-sensor/
  87. geolocation-API/
  88. geolocation-sensor/
  89. graphics-aam/
  90. graphics-aria/
  91. gyroscope/
  92. hr-time/
  93. html/
  94. html-aam/
  95. html-longdesc/
  96. html-media-capture/
  97. https-upgrades/
  98. idle-detection/
  99. imagebitmap-renderingcontext/
  100. images/
  101. import-maps/
  102. IndexedDB/
  103. inert/
  104. infrastructure/
  105. input-device-capabilities/
  106. input-events/
  107. installedapp/
  108. interfaces/
  109. intersection-observer/
  110. intervention-reporting/
  111. is-input-pending/
  112. jpegxl/
  113. js/
  114. js-self-profiling/
  115. keyboard-lock/
  116. keyboard-map/
  117. largest-contentful-paint/
  118. layout-instability/
  119. lifecycle/
  120. loading/
  121. long-animation-frame/
  122. longtask-timing/
  123. magnetometer/
  124. managed/
  125. mathml/
  126. measure-memory/
  127. media/
  128. media-capabilities/
  129. media-playback-quality/
  130. media-source/
  131. mediacapture-extensions/
  132. mediacapture-fromelement/
  133. mediacapture-handle/
  134. mediacapture-image/
  135. mediacapture-insertable-streams/
  136. mediacapture-record/
  137. mediacapture-region/
  138. mediacapture-streams/
  139. mediasession/
  140. merchant-validation/
  141. mimesniff/
  142. mixed-content/
  143. mst-content-hint/
  144. navigation-api/
  145. navigation-timing/
  146. netinfo/
  147. network-error-logging/
  148. notifications/
  149. old-tests/
  150. orientation-event/
  151. orientation-sensor/
  152. page-lifecycle/
  153. page-visibility/
  154. paint-timing/
  155. parakeet/
  156. payment-handler/
  157. payment-method-basic-card/
  158. payment-method-id/
  159. payment-request/
  160. pending-beacon/
  161. performance-timeline/
  162. periodic-background-sync/
  163. permissions/
  164. permissions-policy/
  165. permissions-request/
  166. permissions-revoke/
  167. picture-in-picture/
  168. png/
  169. pointerevents/
  170. pointerlock/
  171. preload/
  172. presentation-api/
  173. print/
  174. private-aggregation/
  175. private-click-measurement/
  176. proximity/
  177. push-api/
  178. quirks/
  179. referrer-policy/
  180. remote-playback/
  181. reporting/
  182. requestidlecallback/
  183. resize-observer/
  184. resource-timing/
  185. resources/
  186. sanitizer-api/
  187. savedata/
  188. scheduler/
  189. screen-capture/
  190. screen-details/
  191. screen-orientation/
  192. screen-wake-lock/
  193. scroll-animations/
  194. scroll-to-text-fragment/
  195. secure-contexts/
  196. secure-payment-confirmation/
  197. selection/
  198. serial/
  199. server-timing/
  200. service-workers/
  201. shadow-dom/
  202. shape-detection/
  203. shared-storage/
  204. shared-storage-selecturl-limit/
  205. signed-exchange/
  206. soft-navigation-heuristics/
  207. speculation-rules/
  208. speech-api/
  209. storage/
  210. storage-access-api/
  211. streams/
  212. subapps/
  213. subresource-integrity/
  214. svg/
  215. svg-aam/
  216. timing-entrytypes-registry/
  217. tools/
  218. top-level-storage-access-api/
  219. touch-events/
  220. trust-tokens/
  221. trusted-types/
  222. ua-client-hints/
  223. uievents/
  224. upgrade-insecure-requests/
  225. url/
  226. urlpattern/
  227. user-timing/
  228. vibration/
  229. video-rvfc/
  230. virtual-keyboard/
  231. visual-viewport/
  232. wai-aria/
  233. wasm/
  234. web-animations/
  235. web-bundle/
  236. web-locks/
  237. web-nfc/
  238. web-otp/
  239. web-share/
  240. webaudio/
  241. webauthn/
  242. webcodecs/
  243. WebCryptoAPI/
  244. webdriver/
  245. webgl/
  246. webgpu/
  247. webhid/
  248. webidl/
  249. webmessaging/
  250. webmidi/
  251. webnn/
  252. webrtc/
  253. webrtc-encoded-transform/
  254. webrtc-extensions/
  255. webrtc-ice/
  256. webrtc-identity/
  257. webrtc-priority/
  258. webrtc-stats/
  259. webrtc-svc/
  260. websockets/
  261. webstorage/
  262. webtransport/
  263. webusb/
  264. webvr/
  265. webvtt/
  266. webxr/
  267. window-management/
  268. workers/
  269. worklets/
  270. x-frame-options/
  271. xhr/
  272. .azure-pipelines.yml
  273. .gitattributes
  274. .gitignore
  275. .mailmap
  276. .taskcluster.yml
  277. CODE_OF_CONDUCT.md
  278. CODEOWNERS
  279. CONTRIBUTING.md
  280. LICENSE.md
  281. lint.ignore
  282. README.md
  283. wpt
  284. wpt.py
README.md

The web-platform-tests Project

Taskcluster CI Status documentation manifest Python 3

The web-platform-tests Project is a cross-browser test suite for the Web-platform stack. Writing tests in a way that allows them to be run in all browsers gives browser projects confidence that they are shipping software that is compatible with other implementations, and that later implementations will be compatible with their implementations. This in turn gives Web authors/developers confidence that they can actually rely on the Web platform to deliver on the promise of working across browsers and devices without needing extra layers of abstraction to paper over the gaps left by specification editors and implementors.

The most important sources of information and activity are:

  • github.com/web-platform-tests/wpt: the canonical location of the project's source code revision history and the discussion forum for changes to the code
  • web-platform-tests.org: the documentation website; details how to set up the project, how to write tests, how to give and receive peer review, how to serve as an administrator, and more
  • wpt.live: a public deployment of the test suite, allowing anyone to run the tests by visiting from an Internet-enabled browser of their choice
  • wpt.fyi: an archive of test results collected from an array of web browsers on a regular basis
  • Real-time chat room: the wpt:matrix.org matrix channel; includes participants located around the world, but busiest during the European working day.
  • Mailing list: a public and low-traffic discussion list
  • RFCs: a repo for requesting comments on substantial changes that would impact other stakeholders or users; people who work on WPT infra are encouraged to watch the repo.

If you'd like clarification about anything, don't hesitate to ask in the chat room or on the mailing list.

Setting Up the Repo

Clone or otherwise get https://github.com/web-platform-tests/wpt.

Note: because of the frequent creation and deletion of branches in this repo, it is recommended to “prune” stale branches when fetching updates, i.e. use git pull --prune (or git fetch -p && git merge).

Running the Tests

See the documentation website and in particular the system setup for running tests locally.

Command Line Tools

The wpt command provides a frontend to a variety of tools for working with and running web-platform-tests. Some of the most useful commands are:

  • wpt serve - For starting the wpt http server
  • wpt run - For running tests in a browser
  • wpt lint - For running the lint against all tests
  • wpt manifest - For updating or generating a MANIFEST.json test manifest
  • wpt install - For installing the latest release of a browser or webdriver server on the local machine.
  • wpt serve-wave - For starting the wpt http server and the WAVE test runner. For more details on how to use the WAVE test runner see the documentation.

Windows Notes

On Windows wpt commands must be prefixed with python or the path to the python binary (if python is not in your %PATH%).

python wpt [command]

Alternatively, you may also use Bash on Ubuntu on Windows in the Windows 10 Anniversary Update build, then access your windows partition from there to launch wpt commands.

Please make sure git and your text editor do not automatically convert line endings, as it will cause lint errors. For git, please set git config core.autocrlf false in your working tree.

Publication

The master branch is automatically synced to wpt.live and w3c-test.org.

Contributing

Save the Web, Write Some Tests!

Absolutely everyone is welcome to contribute to test development. No test is too small or too simple, especially if it corresponds to something for which you've noted an interoperability bug in a browser.

The way to contribute is just as usual:

  • Fork this repository (and make sure you're still relatively in sync with it if you forked a while ago).
  • Create a branch for your changes: git checkout -b topic.
  • Make your changes.
  • Run ./wpt lint as described above.
  • Commit locally and push that to your repo.
  • Create a pull request based on the above.

Issues with web-platform-tests

If you spot an issue with a test and are not comfortable providing a pull request per above to fix it, please file a new issue. Thank you!