Fetch Metadata: split up document destination.

As discussed in
w3c/webappsec-fetch-metadata#45,

We have decided to shift the model around nested navigations from
exposure via the request's `mode` to its `destination`. This patch
splits the existing `document` destination into three parts:
 - `document` for top-level navigations and, for the moment, <portals>.
 - `iframe` for <iframe> navigations.
 - `frame` for <frame> navigations.

Subsequent patch will remove the `nested-document` mode when we're ready
to ship `Sec-Fetch-Dest`.

Bug: 1011724
Change-Id: I23f23922fb49523aa050f59cbf13aabc086600bb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1847295
Reviewed-by: Arthur Sonzogni <[email protected]>
Reviewed-by: Mike West <[email protected]>
Commit-Queue: Yifan Luo <[email protected]>
Cr-Commit-Position: refs/heads/master@{#705527}

Author: iVanlIsh

fetch/metadata/sec-fetch-dest/frame.tentative.https.sub.html

@@ -0,0 +1,55 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/resources/testdriver.js></script>
+<script src=/resources/testdriver-vendor.js></script>
+<script src=/fetch/metadata/resources/helper.js></script>
+<script src=/common/utils.js></script>
+<body>
+<script>
+  const USER = true;
+  const FORCED = false;
+
+  function create_test(host, user_activated, expectations) {
+    async_test(t => {
+      let i = document.createElement('frame');
+      window.addEventListener('message', t.step_func(e => {
+        if (e.source != i.contentWindow)
+          return;
+
+        assert_header_dest_equals(e.data, expectations);
+        t.done();
+      }));
+
+      let url = `https://${host}/fetch/metadata/resources/post-to-owner.py`;
+      if (user_activated == FORCED) {
+        i.src = url;
+        document.body.appendChild(i);
+      } else if (user_activated == USER) {
+        let uuid = token();
+        i.name = uuid;
+        let a = document.createElement('a');
+        a.href = url;
+        a.target = uuid;
+        a.text = "This is a link!";
+
+        document.body.appendChild(i);
+        document.body.appendChild(a);
+
+        test_driver.click(a);
+      }
+    }, `{{host}} -> ${host} iframe: ${user_activated ? "user-activated" : "forced"}`);
+  }
+
+  create_test("{{host}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "frame");
+
+  create_test("{{host}}:{{ports[https][0]}}", USER, "frame");
+
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "frame");
+
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "frame");
+</script>

fetch/metadata/sec-fetch-dest/frame.tentative.sub.html

@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<script src=/resources/testharness.js></script>
+<script src=/resources/testharnessreport.js></script>
+<script src=/fetch/metadata/resources/helper.js></script>
+<body>
+<script>
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{host}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure same-origin iframe => No headers");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{hosts[][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure same-site iframe => No headers");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "http://{{hosts[alt][www]}}:{{ports[http][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Non-secure cross-site iframe => No headers.");
+
+  async_test(t => {
+    let i = document.createElement('frame');
+    i.src = "https://{{host}}:{{ports[https][0]}}/fetch/metadata/resources/post-to-owner.py";
+    window.addEventListener('message', t.step_func(e => {
+      if (e.source != i.contentWindow)
+        return;
+
+      assert_header_dest_equals(e.data, "frame");
+      t.done();
+    }));
+
+    document.body.appendChild(i);
+  }, "Secure, cross-site (cross-scheme, same-host) frame");
+</script>

fetch/metadata/sec-fetch-dest/iframe.tentative.https.sub.html

@@ -41,15 +41,15 @@
     }, `{{host}} -> ${host} iframe: ${user_activated ? "user-activated" : "forced"}`);
   }
 
-  create_test("{{host}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{host}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "nested-document");
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", FORCED, "iframe");
 
-  create_test("{{host}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{host}}:{{ports[https][0]}}", USER, "iframe");
 
-  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{hosts[][www]}}:{{ports[https][0]}}", USER, "iframe");
 
-  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "nested-document");
+  create_test("{{hosts[alt][www]}}:{{ports[https][0]}}", USER, "iframe");
 </script>

fetch/metadata/sec-fetch-dest/iframe.tentative.sub.html

@@ -53,7 +53,7 @@
       if (e.source != i.contentWindow)
         return;
 
-      assert_header_dest_equals(e.data, "nested-document");
+      assert_header_dest_equals(e.data, "iframe");
       t.done();
     }));