Revert "Fenced frames: Local network access."
This reverts commit c02af164b8b7cee63e3c97901113c386f9100e67.
Reason for revert: The tests introduced in this CL are failing.
Original change's description:
> Fenced frames: Local network access.
>
> Fenced frames are only allowed in secure context. So the tests are
> all in secure contexts.
>
> 1. Subresource fetch:
>
> Fenced frame's IP address space is set to `kPublic` in order to make
> it subject to local network access check.
>
> web_tests/external/wpt/fetch/local-network-access/
> fetch.https.window.js is replicated and replaced iframes with fenced
> frames. All test cases are passing with the same behaviors as iframes.
>
> 2. Document fetch:
>
> Fenced frame's document fetch initiator can only be the parent.
> Fenced frames can only be navigated in two ways:
>
> 1. Directly by their parent, and never by another frame at a distance
> via `window.location` or `window.open`; in this case the `ClientSecurityState` needs to come from the parent.
> 2. By themselves; in this case the `ClientSecurityState` also needs to
> come from its embedder/parent.
>
> The ClientSecurityState of its parent is supplied to the
> NavigationURLLoader.
>
> web_tests/external/wpt/fetch/local-network-access/
> iframe.tentative.https.window.js is replicated and replaced iframes
> with fenced frames. All test cases have the same results as the
> iframe test expectations, except one:
>
> treat-as-public-address to local (same-origin): no preflight
> required
>
> - Iframe: the request is made without preflight. The nested iframe is
> loaded successfully.
>
> - Fenced frame: a preflight is made, and gets blocked. See a. below.
>
> I changed the test expectation for this test only. (PASS for iframe,
> but FAIL for fenced frame)
>
> Here are some noteworthy things we observed for document fetch. The
> following only applies to embedder-initiated navigations (i.e., the
> initial navigation of the frame):
> a. Fenced frame's document fetch's preflight request is always sent
> with `Origin: null`. This applies to embedder-initiated navigations
> (i.e., the initial navigation of the frame). I think this affects the
> outcome of Local Network Access check algorithm.
> https://source.chromium.org/chromium/chromium/src/+/main:content/browser/fenced_frame/fenced_frame.cc;l=119-126?q=fencedframe::n&ss=chromium%2Fchromium%2Fsrc
>
> A `null` origin implies
> LocalNetworkAccessChecker::is_potentially_trustworthy_same_origin_
> will always be false.
>
> b. For testing purposes, we tried manually overriding the initiator
> origin with a real origin and found that the preflight request still
> failed. This is because the credentials mode of the navigation is
> `'include'`, which prevents `Access-Control-Allow-Origin: '*'` from
> working, which iframes equivalently suffer from: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/fetch/local-network-access/iframe.tentative.https.window-expected.txt?q=%22FAIL%20%22%20f:third_party%2Fblink%2Fweb_tests%2Fexternal%2Fwpt%2Ffetch%2Flocal-network-access%2Fiframe.tentative.https.window-expected.txt.
>
> Bug: 1420626
> Change-Id: I74c97369d235e1725c650bfe87f29372992cb56b
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4532557
> Reviewed-by: Titouan Rigoudy <titouan@chromium.org>
> Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
> Reviewed-by: Weizhong Xia <weizhong@google.com>
> Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#1154027}
Bug: 1420626, 1451954
Change-Id: I6782a98adb7536062c2192a0b815c0d2e8146ac2
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4595360
Owners-Override: Nathan Memmott <memmott@chromium.org>
Commit-Queue: Nathan Memmott <memmott@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/heads/main@{#1154123}
diff --git a/fetch/local-network-access/fenced-frame-subresource-fetch.tentative.https.window.js b/fetch/local-network-access/fenced-frame-subresource-fetch.tentative.https.window.js
deleted file mode 100644
index 1b27396..0000000
--- a/fetch/local-network-access/fenced-frame-subresource-fetch.tentative.https.window.js
+++ /dev/null
@@ -1,329 +0,0 @@
-// META: script=/common/subset-tests-by-key.js
-// META: script=/common/utils.js
-// META: script=resources/support.sub.js
-// META: script=/fenced-frame/resources/utils.js
-// META: variant=?include=baseline
-// META: variant=?include=from-local
-// META: variant=?include=from-private
-// META: variant=?include=from-public
-//
-// Spec: https://wicg.github.io/private-network-access/#integration-fetch
-//
-// These tests verify that secure contexts can fetch subresources in fenced
-// frames from all address spaces, provided that the target server, if more
-// private than the initiator, respond affirmatively to preflight requests.
-//
-
-setup(() => {
- // Making sure we are in a secure context, as expected.
- assert_true(window.isSecureContext);
-});
-
-// Source: secure local context.
-//
-// All fetches unaffected by Private Network Access.
-
-subsetTestByKey(
- 'from-local', promise_test, t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {server: Server.HTTPS_LOCAL},
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'local to local: no preflight required.');
-
-subsetTestByKey(
- 'from-local', promise_test,
- t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {
- server: Server.HTTPS_PRIVATE,
- behavior: {response: ResponseBehavior.allowCrossOrigin()},
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'local to private: no preflight required.');
-
-
-subsetTestByKey(
- 'from-local', promise_test,
- t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {
- server: Server.HTTPS_PUBLIC,
- behavior: {response: ResponseBehavior.allowCrossOrigin()},
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'local to public: no preflight required.');
-
-// Strictly speaking, the following two tests do not exercise PNA-specific
-// logic, but they serve as a baseline for comparison, ensuring that non-PNA
-// preflight requests are sent and handled as expected.
-
-subsetTestByKey(
- 'baseline', promise_test,
- t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {
- server: Server.HTTPS_PUBLIC,
- behavior: {
- preflight: PreflightBehavior.failure(),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'PUT', mode: 'cors'},
- expected: FetchTestResult.FAILURE,
- }),
- 'local to public: PUT preflight failure.');
-
-subsetTestByKey(
- 'baseline', promise_test,
- t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {
- server: Server.HTTPS_PUBLIC,
- behavior: {
- preflight: PreflightBehavior.success(token()),
- response: ResponseBehavior.allowCrossOrigin(),
- }
- },
- fetchOptions: {method: 'PUT', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'local to public: PUT preflight success.');
-
-// Generates tests of preflight behavior for a single (source, target) pair.
-//
-// Scenarios:
-//
-// - cors mode:
-// - preflight response has non-2xx HTTP code
-// - preflight response is missing CORS headers
-// - preflight response is missing the PNA-specific `Access-Control` header
-// - final response is missing CORS headers
-// - success
-// - success with PUT method (non-"simple" request)
-// - no-cors mode:
-// - preflight response has non-2xx HTTP code
-// - preflight response is missing CORS headers
-// - preflight response is missing the PNA-specific `Access-Control` header
-// - success
-//
-function makePreflightTests({
- subsetKey,
- source,
- sourceDescription,
- targetServer,
- targetDescription,
-}) {
- const prefix = `${sourceDescription} to ${targetDescription}: `;
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.failure(),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'failed preflight.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.noCorsHeader(token()),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'missing CORS headers on preflight response.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.noPnaHeader(token()),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'missing PNA header on preflight response.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.success(token())},
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'missing CORS headers on final response.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.success(token()),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- prefix + 'success.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.success(token()),
- response: ResponseBehavior.allowCrossOrigin(),
- },
- },
- fetchOptions: {method: 'PUT', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- prefix + 'PUT success.');
-
- subsetTestByKey(
- subsetKey, promise_test, t => fencedFrameFetchTest(t, {
- source,
- target: {server: targetServer},
- fetchOptions: {method: 'GET', mode: 'no-cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'no-CORS mode failed preflight.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.noCorsHeader(token())},
- },
- fetchOptions: {method: 'GET', mode: 'no-cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'no-CORS mode missing CORS headers on preflight response.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.noPnaHeader(token())},
- },
- fetchOptions: {method: 'GET', mode: 'no-cors'},
- expected: FetchTestResult.FAILURE,
- }),
- prefix + 'no-CORS mode missing PNA header on preflight response.');
-
- subsetTestByKey(
- subsetKey, promise_test,
- t => fencedFrameFetchTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.success(token())},
- },
- fetchOptions: {method: 'GET', mode: 'no-cors'},
- expected: FetchTestResult.OPAQUE,
- }),
- prefix + 'no-CORS mode success.');
-}
-
-// Source: private secure context.
-//
-// Fetches to the local address space require a successful preflight response
-// carrying a PNA-specific header.
-
-makePreflightTests({
- subsetKey: 'from-private',
- source: {server: Server.HTTPS_PRIVATE},
- sourceDescription: 'private',
- targetServer: Server.HTTPS_LOCAL,
- targetDescription: 'local',
-});
-
-subsetTestByKey(
- 'from-private', promise_test, t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_PRIVATE},
- target: {server: Server.HTTPS_PRIVATE},
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'private to private: no preflight required.');
-
-subsetTestByKey(
- 'from-private', promise_test,
- t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_PRIVATE},
- target: {
- server: Server.HTTPS_PRIVATE,
- behavior: {response: ResponseBehavior.allowCrossOrigin()},
- },
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'private to public: no preflight required.');
-
-// Source: public secure context.
-//
-// Fetches to the local and private address spaces require a successful
-// preflight response carrying a PNA-specific header.
-
-makePreflightTests({
- subsetKey: 'from-public',
- source: {server: Server.HTTPS_PUBLIC},
- sourceDescription: 'public',
- targetServer: Server.HTTPS_LOCAL,
- targetDescription: 'local',
-});
-
-makePreflightTests({
- subsetKey: 'from-public',
- source: {server: Server.HTTPS_PUBLIC},
- sourceDescription: 'public',
- targetServer: Server.HTTPS_PRIVATE,
- targetDescription: 'private',
-});
-
-subsetTestByKey(
- 'from-public', promise_test, t => fencedFrameFetchTest(t, {
- source: {server: Server.HTTPS_PUBLIC},
- target: {server: Server.HTTPS_PUBLIC},
- fetchOptions: {method: 'GET', mode: 'cors'},
- expected: FetchTestResult.SUCCESS,
- }),
- 'public to public: no preflight required.');
diff --git a/fetch/local-network-access/fenced-frame.tentative.https.window.js b/fetch/local-network-access/fenced-frame.tentative.https.window.js
deleted file mode 100644
index 5e55b15..0000000
--- a/fetch/local-network-access/fenced-frame.tentative.https.window.js
+++ /dev/null
@@ -1,226 +0,0 @@
-// META: script=/common/dispatcher/dispatcher.js
-// META: script=/common/utils.js
-// META: script=resources/support.sub.js
-// META: script=/fenced-frame/resources/utils.js
-//
-// Spec: https://wicg.github.io/private-network-access/#integration-fetch
-//
-// These tests verify that contexts can navigate fenced frames to less-public
-// address spaces iff the target server responds affirmatively to preflight
-// requests.
-
-setup(() => {
- assert_true(window.isSecureContext);
-});
-
-// Source: secure local context.
-//
-// All fetches unaffected by Private Network Access.
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {server: Server.HTTPS_LOCAL},
- expected: FrameTestResult.SUCCESS,
- }),
- 'local to local: no preflight required.');
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {server: Server.HTTPS_PRIVATE},
- expected: FrameTestResult.SUCCESS,
- }),
- 'local to private: no preflight required.');
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_LOCAL},
- target: {server: Server.HTTPS_PUBLIC},
- expected: FrameTestResult.SUCCESS,
- }),
- 'local to public: no preflight required.');
-
-// Generates tests of preflight behavior for a single (source, target) pair.
-//
-// Scenarios:
-//
-// - parent navigates child:
-// - preflight response has non-2xx HTTP code
-// - preflight response is missing CORS headers
-// - preflight response is missing the PNA-specific `Access-Control` header
-// - preflight response has the required PNA related headers, but still fails
-// because of the limitation of fenced frame that subjects to PNA checks.
-//
-function makePreflightTests({
- sourceName,
- sourceServer,
- sourceTreatAsPublic,
- targetName,
- targetServer,
-}) {
- const prefix = `${sourceName} to ${targetName}: `;
-
- const source = {
- server: sourceServer,
- treatAsPublic: sourceTreatAsPublic,
- };
-
- promise_test_parallel(
- t => fencedFrameTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.failure()},
- },
- expected: FrameTestResult.FAILURE,
- }),
- prefix + 'failed preflight.');
-
- promise_test_parallel(
- t => fencedFrameTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.noCorsHeader(token())},
- },
- expected: FrameTestResult.FAILURE,
- }),
- prefix + 'missing CORS headers.');
-
- promise_test_parallel(
- t => fencedFrameTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {preflight: PreflightBehavior.noPnaHeader(token())},
- },
- expected: FrameTestResult.FAILURE,
- }),
- prefix + 'missing PNA header.');
-
- promise_test_parallel(
- t => fencedFrameTest(t, {
- source,
- target: {
- server: targetServer,
- behavior: {
- preflight: PreflightBehavior.success(token()),
- response: ResponseBehavior.allowCrossOrigin()
- },
- },
- expected: FrameTestResult.FAILURE,
- }),
- prefix + 'failed because fenced frames are incompatible with PNA.');
-}
-
-// Source: private secure context.
-//
-// Fetches to the local address space require a successful preflight response
-// carrying a PNA-specific header.
-
-makePreflightTests({
- sourceServer: Server.HTTPS_PRIVATE,
- sourceName: 'private',
- targetServer: Server.HTTPS_LOCAL,
- targetName: 'local',
-});
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_PRIVATE},
- target: {server: Server.HTTPS_PRIVATE},
- expected: FrameTestResult.SUCCESS,
- }),
- 'private to private: no preflight required.');
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_PRIVATE},
- target: {server: Server.HTTPS_PUBLIC},
- expected: FrameTestResult.SUCCESS,
- }),
- 'private to public: no preflight required.');
-
-// Source: public secure context.
-//
-// Fetches to the local and private address spaces require a successful
-// preflight response carrying a PNA-specific header.
-
-makePreflightTests({
- sourceServer: Server.HTTPS_PUBLIC,
- sourceName: 'public',
- targetServer: Server.HTTPS_LOCAL,
- targetName: 'local',
-});
-
-makePreflightTests({
- sourceServer: Server.HTTPS_PUBLIC,
- sourceName: 'public',
- targetServer: Server.HTTPS_PRIVATE,
- targetName: 'private',
-});
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {server: Server.HTTPS_PUBLIC},
- target: {server: Server.HTTPS_PUBLIC},
- expected: FrameTestResult.SUCCESS,
- }),
- 'public to public: no preflight required.');
-
-// The following tests verify that `CSP: treat-as-public-address` makes
-// documents behave as if they had been served from a public IP address.
-
-makePreflightTests({
- sourceServer: Server.HTTPS_LOCAL,
- sourceTreatAsPublic: true,
- sourceName: 'treat-as-public-address',
- targetServer: Server.OTHER_HTTPS_LOCAL,
- targetName: 'local',
-});
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {
- server: Server.HTTPS_LOCAL,
- treatAsPublic: true,
- },
- target: {server: Server.HTTPS_LOCAL},
- expected: FrameTestResult.FAILURE,
- }),
- 'treat-as-public-address to local (same-origin): fenced frame embedder ' +
- 'initiated navigation has opaque origin.');
-
-makePreflightTests({
- sourceServer: Server.HTTPS_LOCAL,
- sourceTreatAsPublic: true,
- sourceName: 'treat-as-public-address',
- targetServer: Server.HTTPS_PRIVATE,
- targetName: 'private',
-});
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {
- server: Server.HTTPS_LOCAL,
- treatAsPublic: true,
- },
- target: {server: Server.HTTPS_PUBLIC},
- expected: FrameTestResult.SUCCESS,
- }),
- 'treat-as-public-address to public: no preflight required.');
-
-promise_test_parallel(
- t => fencedFrameTest(t, {
- source: {
- server: Server.HTTPS_LOCAL,
- treatAsPublic: true,
- },
- target: {
- server: Server.HTTPS_PUBLIC,
- behavior: {preflight: PreflightBehavior.optionalSuccess(token())}
- },
- expected: FrameTestResult.SUCCESS,
- }),
- 'treat-as-public-address to local: optional preflight');
diff --git a/fetch/local-network-access/iframe.tentative.https.window.js b/fetch/local-network-access/iframe.tentative.https.window.js
index 7d9ee53..6a83b88 100644
--- a/fetch/local-network-access/iframe.tentative.https.window.js
+++ b/fetch/local-network-access/iframe.tentative.https.window.js
@@ -21,19 +21,19 @@
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_LOCAL },
target: { server: Server.HTTPS_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to local: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_LOCAL },
target: { server: Server.HTTPS_PRIVATE },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to private: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_LOCAL },
target: { server: Server.HTTPS_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to public: no preflight required.");
// Generates tests of preflight behavior for a single (source, target) pair.
@@ -67,7 +67,7 @@
server: targetServer,
behavior: { preflight: PreflightBehavior.failure() },
},
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), prefix + "failed preflight.");
promise_test_parallel(t => iframeTest(t, {
@@ -76,7 +76,7 @@
server: targetServer,
behavior: { preflight: PreflightBehavior.noCorsHeader(token()) },
},
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), prefix + "missing CORS headers.");
promise_test_parallel(t => iframeTest(t, {
@@ -85,7 +85,7 @@
server: targetServer,
behavior: { preflight: PreflightBehavior.noPnaHeader(token()) },
},
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), prefix + "missing PNA header.");
promise_test_parallel(t => iframeTest(t, {
@@ -94,7 +94,7 @@
server: targetServer,
behavior: { preflight: PreflightBehavior.success(token()) },
},
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), prefix + "success.");
}
@@ -113,13 +113,13 @@
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_PRIVATE },
target: { server: Server.HTTPS_PRIVATE },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "private to private: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_PRIVATE },
target: { server: Server.HTTPS_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "private to public: no preflight required.");
// Source: public secure context.
@@ -144,7 +144,7 @@
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTPS_PUBLIC },
target: { server: Server.HTTPS_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "public to public: no preflight required.");
// The following tests verify that `CSP: treat-as-public-address` makes
@@ -164,7 +164,7 @@
treatAsPublic: true,
},
target: { server: Server.HTTPS_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "treat-as-public-address to local (same-origin): no preflight required.");
makePreflightTests({
@@ -181,7 +181,7 @@
treatAsPublic: true,
},
target: { server: Server.HTTPS_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "treat-as-public-address to public: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
@@ -193,7 +193,7 @@
server: Server.HTTPS_PUBLIC,
behavior: { preflight: PreflightBehavior.optionalSuccess(token()) }
},
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "treat-as-public-address to local: optional preflight");
// The following tests verify that when a grandparent frame navigates its
@@ -206,7 +206,7 @@
grandparentServer: Server.HTTPS_LOCAL,
child: { server: Server.HTTPS_PUBLIC },
grandchild: { server: Server.OTHER_HTTPS_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
});
iframeGrandparentTest({
@@ -214,7 +214,7 @@
grandparentServer: Server.HTTPS_LOCAL,
child: { server: Server.HTTPS_PUBLIC },
grandchild: { server: Server.HTTPS_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
});
iframeGrandparentTest({
@@ -228,7 +228,7 @@
server: Server.HTTPS_LOCAL,
behavior: { preflight: PreflightBehavior.failure() },
},
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
});
iframeGrandparentTest({
@@ -242,5 +242,5 @@
server: Server.HTTPS_LOCAL,
behavior: { preflight: PreflightBehavior.success(token()) },
},
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
});
diff --git a/fetch/local-network-access/iframe.tentative.window.js b/fetch/local-network-access/iframe.tentative.window.js
index c0770df..e00cb20 100644
--- a/fetch/local-network-access/iframe.tentative.window.js
+++ b/fetch/local-network-access/iframe.tentative.window.js
@@ -18,55 +18,55 @@
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_LOCAL },
target: { server: Server.HTTP_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to local: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_LOCAL },
target: { server: Server.HTTP_PRIVATE },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to private: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_LOCAL },
target: { server: Server.HTTP_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "local to public: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PRIVATE },
target: { server: Server.HTTP_LOCAL },
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), "private to local: failure.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PRIVATE },
target: { server: Server.HTTP_PRIVATE },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "private to private: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PRIVATE },
target: { server: Server.HTTP_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "private to public: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PUBLIC },
target: { server: Server.HTTP_LOCAL },
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), "public to local: failure.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PUBLIC },
target: { server: Server.HTTP_PRIVATE },
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), "public to private: failure.");
promise_test_parallel(t => iframeTest(t, {
source: { server: Server.HTTP_PUBLIC },
target: { server: Server.HTTP_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "public to public: no preflight required.");
promise_test_parallel(t => iframeTest(t, {
@@ -75,7 +75,7 @@
treatAsPublic: true,
},
target: { server: Server.HTTP_LOCAL },
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), "treat-as-public-address to local: failure.");
promise_test_parallel(t => iframeTest(t, {
@@ -84,7 +84,7 @@
treatAsPublic: true,
},
target: { server: Server.HTTP_PRIVATE },
- expected: FrameTestResult.FAILURE,
+ expected: IframeTestResult.FAILURE,
}), "treat-as-public-address to private: failure.");
promise_test_parallel(t => iframeTest(t, {
@@ -93,7 +93,7 @@
treatAsPublic: true,
},
target: { server: Server.HTTP_PUBLIC },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
}), "treat-as-public-address to public: no preflight required.");
// The following test verifies that when a grandparent frame navigates its
@@ -106,5 +106,5 @@
grandparentServer: Server.HTTP_LOCAL,
child: { server: Server.HTTP_PUBLIC },
grandchild: { server: Server.HTTP_LOCAL },
- expected: FrameTestResult.SUCCESS,
+ expected: IframeTestResult.SUCCESS,
});
diff --git a/fetch/local-network-access/resources/fenced-frame-fetcher.https.html b/fetch/local-network-access/resources/fenced-frame-fetcher.https.html
deleted file mode 100644
index b14601d..0000000
--- a/fetch/local-network-access/resources/fenced-frame-fetcher.https.html
+++ /dev/null
@@ -1,25 +0,0 @@
-<!DOCTYPE html>
-<meta charset="utf-8">
-<script src="../../../fenced-frame/resources/utils.js"></script>
-<title>Fetcher</title>
-<script>
- const url = new URL(location.href).searchParams.get("url");
- const mode = new URL(location.href).searchParams.get("mode");
- const method = new URL(location.href).searchParams.get("method");
- const [error_token, ok_token, body_token, type_token] = parseKeylist();
-
- fetch(url, {mode: mode, method: method})
- .then(async function(response) {
- const body = await response.text();
- writeValueToServer(ok_token, response.ok);
- writeValueToServer(body_token, body);
- writeValueToServer(type_token, response.type);
- writeValueToServer(error_token, "");
- })
- .catch(error => {
- writeValueToServer(ok_token, "");
- writeValueToServer(body_token, "");
- writeValueToServer(type_token, "");
- writeValueToServer(error_token, error.toString());
- });
-</script>
\ No newline at end of file
diff --git a/fetch/local-network-access/resources/fenced-frame-fetcher.https.html.headers b/fetch/local-network-access/resources/fenced-frame-fetcher.https.html.headers
deleted file mode 100644
index 6247f6d..0000000
--- a/fetch/local-network-access/resources/fenced-frame-fetcher.https.html.headers
+++ /dev/null
@@ -1 +0,0 @@
-Supports-Loading-Mode: fenced-frame
\ No newline at end of file
diff --git a/fetch/local-network-access/resources/fenced-frame-local-network-access-target.https.html b/fetch/local-network-access/resources/fenced-frame-local-network-access-target.https.html
deleted file mode 100644
index 2b55e05..0000000
--- a/fetch/local-network-access/resources/fenced-frame-local-network-access-target.https.html
+++ /dev/null
@@ -1,8 +0,0 @@
-<!DOCTYPE html>
-<meta charset="utf-8">
-<script src="../../../fenced-frame/resources/utils.js"></script>
-<title>Fenced frame target</title>
-<script>
- const [frame_loaded_key] = parseKeylist();
- writeValueToServer(frame_loaded_key, 'loaded');
-</script>
diff --git a/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html b/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html
deleted file mode 100644
index 860371f..0000000
--- a/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Fenced frame</title>
-<body></body>
-<script>
- const fenced_frame = document.createElement("fencedframe");
- const target = new URL(location.href).searchParams.get("fenced_frame_url");
- const config = new FencedFrameConfig(target);
- fenced_frame.config = config;
- document.body.appendChild(fenced_frame);
-
-</script>
diff --git a/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html.headers b/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html.headers
deleted file mode 100644
index 6247f6d..0000000
--- a/fetch/local-network-access/resources/fenced-frame-local-network-access.https.html.headers
+++ /dev/null
@@ -1 +0,0 @@
-Supports-Loading-Mode: fenced-frame
\ No newline at end of file
diff --git a/fetch/local-network-access/resources/preflight.py b/fetch/local-network-access/resources/preflight.py
index be3abdb..4b0bfef 100644
--- a/fetch/local-network-access/resources/preflight.py
+++ b/fetch/local-network-access/resources/preflight.py
@@ -85,9 +85,6 @@
def _get_preflight_uuid(request):
return request.GET.get(b"preflight-uuid")
-def _is_loaded_in_fenced_frame(request):
- return request.GET.get(b"is-loaded-in-fenced-frame")
-
def _should_treat_as_public_once(request):
uuid = request.GET.get(b"treat-as-public-once")
if uuid is None:
@@ -158,9 +155,6 @@
if mime_type is not None:
headers.append(("Content-Type", mime_type),)
- if _is_loaded_in_fenced_frame(request):
- headers.append(("Supports-Loading-Mode", "fenced-frame"))
-
body = _final_response_body(request)
return (headers, body)
diff --git a/fetch/local-network-access/resources/support.sub.js b/fetch/local-network-access/resources/support.sub.js
index ca8d2e6..a09c460 100644
--- a/fetch/local-network-access/resources/support.sub.js
+++ b/fetch/local-network-access/resources/support.sub.js
@@ -341,41 +341,6 @@
}
}
-// Similar to `fetchTest`, but replaced iframes with fenced frames.
-async function fencedFrameFetchTest(t, { source, target, fetchOptions, expected }) {
- const fetcher_url =
- resolveUrl("resources/fenced-frame-fetcher.https.html", sourceResolveOptions(source));
-
- const target_url = preflightUrl(target);
- target_url.searchParams.set("is-loaded-in-fenced-frame", true);
-
- fetcher_url.searchParams.set("mode", fetchOptions.mode);
- fetcher_url.searchParams.set("method", fetchOptions.method);
- fetcher_url.searchParams.set("url", target_url);
-
- const error_token = token();
- const ok_token = token();
- const body_token = token();
- const type_token = token();
- const source_url = generateURL(fetcher_url, [error_token, ok_token, body_token, type_token]);
-
- const fenced_frame = document.createElement('fencedframe');
- fenced_frame.config = new FencedFrameConfig(source_url);
- document.body.append(fenced_frame);
-
- const error = await nextValueFromServer(error_token);
- const ok = await nextValueFromServer(ok_token);
- const body = await nextValueFromServer(body_token);
- const type = await nextValueFromServer(type_token);
-
- assert_equals(error, expected.error || "" , "error");
- assert_equals(body, expected.body || "", "response body");
- assert_equals(ok, expected.ok !== undefined ? expected.ok.toString() : "", "response ok");
- if (expected.type !== undefined) {
- assert_equals(type, expected.type, "response type");
- }
-}
-
const XhrTestResult = {
SUCCESS: {
loaded: true,
@@ -428,7 +393,7 @@
assert_equals(body, expected.body, "response body");
}
-const FrameTestResult = {
+const IframeTestResult = {
SUCCESS: "loaded",
FAILURE: "timeout",
};
@@ -464,36 +429,6 @@
assert_equals(result, expected);
}
-// Similar to `iframeTest`, but replaced iframes with fenced frames.
-async function fencedFrameTest(t, { source, target, expected }) {
- // Allows running tests in parallel.
- const target_url = preflightUrl(target);
- target_url.searchParams.set("file", "fenced-frame-local-network-access-target.https.html");
- target_url.searchParams.set("is-loaded-in-fenced-frame", true);
-
- const frame_loaded_key = token();
- const child_frame_target = generateURL(target_url, [frame_loaded_key]);
-
- const source_url =
- resolveUrl("resources/fenced-frame-local-network-access.https.html", sourceResolveOptions(source));
- source_url.searchParams.set("fenced_frame_url", child_frame_target);
-
- const fenced_frame = document.createElement('fencedframe');
- fenced_frame.config = new FencedFrameConfig(source_url);
- document.body.append(fenced_frame);
-
- // The grandchild fenced frame writes a value to the server iff it loads
- // successfully.
- const result = await Promise.race([
- nextValueFromServer(frame_loaded_key),
- new Promise((resolve) => {
- t.step_timeout(() => resolve("timeout"), 10000 /* ms */);
- }),
- ]);
-
- assert_equals(result, expected);
-}
-
const iframeGrandparentTest = ({
name,
grandparentServer,