Bug 1895639 [wpt PR 46159] - Reland "[fetch-later] Define new permiss…

…ions policy `deferred-fetch`", a=testonly

Automatic update from web-platform-tests
Reland "[fetch-later] Define new permissions policy `deferred-fetch`"

This is a reland of commit 193729386996ac0bd40dba0aa98b7f85ff7b94d1

The failed test from https://crbug.com/339120680 is removed by https://crrev.com/c/5524593/1..2 as the same behavior is already covered by `/fetch/fetch-later/permissions-policy/deferred-fetch-default-permissions-policy.tentative.https.window.js` more carefully.

Original change's description:
> [fetch-later] Define new permissions policy `deferred-fetch`
>
> 1-Pager: https://docs.google.com/document/d/1P70kdENIByy3qWabN5rUPmBVkkANNSOM_jZynLnqINY/edit
>
> This CL follows the [guide] to define a new permissions policy
> `deferred-fetch`, which is used to gate the new `fetchLater()` API.
> Relevant WPT are added in this CL, and the subsequent CL will further
> use this policy to adjust the request quota.
>
> In this CL, `deferred-fetch` is not added to chrome://settings/content
> page. And no permission prompt for it.
>
> - webappsec request: w3c/webappsec-permissions-policy#544
> - "deferred-fetch" usage in fetchLater draft spec: https://whatpr.org/fetch/1647.html#request-a-deferred-fetch
> - "deferred-fetch" policy discussion: WICG/pending-beacon#87 (comment)
> - FetchLater Explainer: https://github.com/WICG/pending-beacon/blob/main/docs/fetch-later-api.md
>
>
> [guide]: https://chromium.googlesource.com/chromium/src/+/main/components/permissions/add_new_permission.md
>
> Bug: b:40276121,339120680
> Change-Id: I2db4dd7484610fefb50c463552155b220f13ac5d
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5367481
> Reviewed-by: Adam Rice <[email protected]>
> Reviewed-by: Thomas Nguyen <[email protected]>
> Reviewed-by: Ian Clelland <[email protected]>
> Commit-Queue: Ming-Ying Chung <[email protected]>
> Reviewed-by: Yoav Weiss (@Shopify) <[email protected]>
> Reviewed-by: Takashi Toyoshima <[email protected]>
> Cr-Commit-Position: refs/heads/main@{#1297320}

Bug: b:40276121,339120680
Change-Id: I41e2f0980f5d72eb6c0687a82d96ad4a59f59936
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5524593
Reviewed-by: Thomas Nguyen <[email protected]>
Reviewed-by: Yoav Weiss (@Shopify) <[email protected]>
Reviewed-by: Ian Clelland <[email protected]>
Commit-Queue: Ming-Ying Chung <[email protected]>
Reviewed-by: Takashi Toyoshima <[email protected]>
Reviewed-by: Adam Rice <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1310429}

--

wpt-commits: cdd00c8bc0a087353a9dc26e80f11c87aa4fdfae
wpt-pr: 46159

testing/web-platform/tests/fetch/fetch-later/README.md

@@ -1,3 +1,3 @@
 # FetchLater Tests
 
-These tests cover [FetchLater method](https://whatpr.org/fetch/1647/094ea69...152d725.html#fetch-later-method) related behaviors.
+These tests cover [FetchLater method](https://whatpr.org/fetch/1647.html#dom-window-fetchlater) related behaviors.

testing/web-platform/tests/fetch/fetch-later/iframe.tentative.https.window.js

@@ -51,13 +51,5 @@ parallelPromiseTest(async t => {
   await expectBeacon(uuid, {count: 1});
 }, 'A same-origin iframe can trigger fetchLater.');
 
-parallelPromiseTest(async t => {
-  const uuid = token();
-  const url = generateSetBeaconURL(uuid);
-
-  // Loads a same-origin iframe that fires a fetchLater request.
-  await loadFetchLaterIframe(HTTPS_NOTSAMESITE_ORIGIN, url);
-
-  // The iframe should have sent the request.
-  await expectBeacon(uuid, {count: 1});
-}, 'A cross-origin iframe can trigger fetchLater.');
+// The test to load a cross-origin iframe that fires a fetchLater request is in
+// /fetch/fetch-later/permissions-policy/deferred-fetch-default-permissions-policy.tentative.https.window.js

testing/web-platform/tests/fetch/fetch-later/permissions-policy/README.md

@@ -0,0 +1,8 @@
+# Permissions Policy: "deferred-fetch" Tests
+
+This folder contains tests to cover the permissions policy "deferred-fetch",
+which is used to gate the `fetchLater()` API.
+
+The tests follow the patterns from
+permissions-policy/README.md to cover all use cases of permissions policy for a
+new feature.

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy-attribute-redirect.tentative.https.window.js

@@ -0,0 +1,31 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed to redirect by allow attribute
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const baseUrl = '/permissions-policy/resources/redirect-on-load.html#';
+const description = 'Permissions policy allow="deferred-fetch"';
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(`${baseUrl}${HTTPS_ORIGIN}`),
+      expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} allows same-origin navigation in an iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(
+          `${baseUrl}${HTTPS_NOTSAMESITE_ORIGIN}`),
+      expect_feature_unavailable_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} disallows cross-origin navigation in an iframe.`);

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy-attribute.tentative.https.window.js

@@ -0,0 +1,36 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed by allow attribute
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy "deferred-fetch"';
+const attribute = 'allow="deferred-fetch" attribute';
+
+async_test(
+    t => {
+      test_feature_availability(
+          'fetchLater()', t,
+          getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+          expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+    },
+    `${description} can be enabled in the same-origin iframe using ${
+        attribute}.`);
+
+async_test(
+    t => {
+      test_feature_availability(
+          'fetchLater()', t,
+          getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+          expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+    },
+    `${description} can be enabled in the cross-origin iframe using ${
+        attribute}.`);

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy.tentative.https.window.js

@@ -0,0 +1,45 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy header: "deferred-fetch=*"';
+
+parallelPromiseTest(async _ => {
+  const uuid = token();
+  const url = generateSetBeaconURL(uuid);
+
+  // Request the browser to fetchLater() immediately.
+  fetchLater(url, {activateAfter: 0});
+
+  await expectBeacon(uuid, {count: 1});
+}, `${description} allows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_available_default);
+}, `${description} allows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} allow="deferred-fetch" allows fetchLater() in the cross-origin iframe.`);

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy.tentative.https.window.js.headers

@@ -0,0 +1 @@
+Permissions-Policy: deferred-fetch=*

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-default-permissions-policy.tentative.https.window.js

@@ -0,0 +1,38 @@
+// META: title=Permissions Policy "deferred-fetch" default behavior
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Default "deferred-fetch" permissions policy ["self"]';
+
+parallelPromiseTest(async _ => {
+  const uuid = token();
+  const url = generateSetBeaconURL(uuid);
+
+  // Request the browser to fetchLater() immediately.
+  fetchLater(url, {activateAfter: 0});
+
+  await expectBeacon(uuid, {count: 1});
+}, `${description} allows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_available_default);
+}, `${description} allows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-disabled-by-permissions-policy.tentative.https.window.js

@@ -0,0 +1,34 @@
+// META: title=Permissions Policy "deferred-fetch" is disabled
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/resources/fetch-later-helper.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy header: "deferred-fetch=()"';
+
+parallelPromiseTest(async _ => {
+  // Request the browser to fetchLater() immediately, which is not allowed.
+  assert_throws_dom(
+      'NotAllowedError', () => fetchLater('/', {activateAfter: 0}));
+}, `${description} disallows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-disabled-by-permissions-policy.tentative.https.window.js.headers

@@ -0,0 +1 @@
+Permissions-Policy: deferred-fetch=()

testing/web-platform/tests/fetch/fetch-later/permissions-policy/deferred-fetch-supported-by-permissions-policy.tentative.window.js

@@ -0,0 +1,8 @@
+// META: title=The feature list should advertise deferred-fetch
+'use strict';
+
+// https://w3c.github.io/webappsec-permissions-policy/#dom-permissions-policy-features
+// https://wicg.github.io/local-fonts/#permissions-policy
+test(() => {
+  assert_in_array('deferred-fetch', document.featurePolicy.features());
+}, 'document.featurePolicy.features should advertise deferred-fetch.');

testing/web-platform/tests/fetch/fetch-later/permissions-policy/resources/helper.js

@@ -0,0 +1,13 @@
+'use strict';
+
+/**
+ * Returns an URL to a document that can be used to initialize an iframe to test
+ * whether the "deferred-fetch"policy is enabled.
+ */
+function getDeferredFetchPolicyInIframeHelperUrl(iframeOrigin) {
+  if (!iframeOrigin.endsWith('/')) {
+    iframeOrigin += '/';
+  }
+  return `${
+      iframeOrigin}fetch/fetch-later/permissions-policy/resources/permissions-policy-deferred-fetch.html`;
+}

testing/web-platform/tests/fetch/fetch-later/permissions-policy/resources/permissions-policy-deferred-fetch.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script>
+'use strict';
+
+window.onload = () => {
+  let enabled = true;
+  try {
+    fetchLater('/', {activateAfter: 0});
+  } catch (e) {
+    enabled = false;
+  }
+  parent.postMessage({ type: 'availability-result', enabled }, '*');
+}
+</script>