[WPT/referrer-policy] Add worker subresource tests

This CL adds tests of subresources sent from worker global scope,
including XHR/Fetch API inside workers and nested workers.

The tests are failing on Safari and Firefox, largely because
of differences of referrer policy inheritance rule
(which is a spec-level issue).

Bug: 906850
Change-Id: Ia385d72918df5d4318c7fc58306bfc614a3bd4b8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1785499
Commit-Queue: Hiroshige Hayashizaki <[email protected]>
Reviewed-by: Hiroki Nakagawa <[email protected]>
Reviewed-by: Kenichi Ishibashi <[email protected]>
Cr-Commit-Position: refs/heads/master@{#702280}

Author: hiroshige-g

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-http.keep-origin.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-http origin and keep-origin redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-http",
+          "redirection": "keep-origin",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-http.no-redirect.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-http origin and no-redirect redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-http",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-http.swap-origin.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-http origin and swap-origin redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-http",
+          "redirection": "swap-origin",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-https.keep-origin.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-https origin and keep-origin redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-https",
+          "redirection": "keep-origin",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-https.no-redirect.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-https origin and no-redirect redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-https",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/cross-https.swap-origin.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to cross-https origin and swap-origin redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "cross-https",
+          "redirection": "swap-origin",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/same-http.keep-origin.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to same-http origin and keep-origin redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "same-http",
+          "redirection": "keep-origin",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

referrer-policy/gen/worker-classic.http-rp/no-referrer-when-downgrade/fetch/same-http.no-redirect.http.html

@@ -0,0 +1,46 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using common/security-features/tools/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <link rel="author" title="Kristijan Burnik" href="[email protected]">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="Referrer Policy: Expects stripped-referrer for fetch to same-http origin and no-redirect redirection from http context.">
+    <meta name="referrer" content="no-referrer">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="/referrer-policy/generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "stripped-referrer",
+          "origin": "same-http",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [
+                {
+                  "deliveryType": "http-rp",
+                  "key": "referrerPolicy",
+                  "value": "no-referrer-when-downgrade"
+                }
+              ],
+              "sourceContextType": "worker-classic"
+            }
+          ],
+          "source_scheme": "http",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>