[fetch-later] Define new permissions policy deferred-fetch

1-Pager: https://docs.google.com/document/d/1P70kdENIByy3qWabN5rUPmBVkkANNSOM_jZynLnqINY/edit

This CL follows the [guide] to define a new permissions policy
`deferred-fetch`, which is used to gate the new `fetchLater()` API.
Relevant WPT are added in this CL, and the subsequent CL will further
use this policy to adjust the request quota.

In this CL, `deferred-fetch` is not added to chrome://settings/content
page. And no permission prompt for it.

- webappsec request: w3c/webappsec-permissions-policy#544
- "deferred-fetch" usage in fetchLater draft spec: https://whatpr.org/fetch/1647.html#request-a-deferred-fetch
- "deferred-fetch" policy discussion: WICG/pending-beacon#87 (comment)
- FetchLater Explainer: https://github.com/WICG/pending-beacon/blob/main/docs/fetch-later-api.md

[guide]: https://chromium.googlesource.com/chromium/src/+/main/components/permissions/add_new_permission.md

Bug: b:40276121
Change-Id: I2db4dd7484610fefb50c463552155b220f13ac5d

fetch/fetch-later/README.md

@@ -1,3 +1,3 @@
 # FetchLater Tests
 
-These tests cover [FetchLater method](https://whatpr.org/fetch/1647/094ea69...152d725.html#fetch-later-method) related behaviors.
+These tests cover [FetchLater method](https://whatpr.org/fetch/1647.html#dom-window-fetchlater) related behaviors.

fetch/fetch-later/iframe.tentative.https.window.js

@@ -58,6 +58,7 @@ parallelPromiseTest(async t => {
   // Loads a same-origin iframe that fires a fetchLater request.
   await loadFetchLaterIframe(HTTPS_NOTSAMESITE_ORIGIN, url);
 
-  // The iframe should have sent the request.
-  await expectBeacon(uuid, {count: 1});
-}, 'A cross-origin iframe can trigger fetchLater.');
+  // See also
+  // /fetch/fetch-later/permissions-policy/deferred-fetch-default-permissions-policy.tentative.https.window.js
+  await expectBeacon(uuid, {count: 0});
+}, 'A cross-origin iframe cannot trigger fetchLater.');

fetch/fetch-later/permissions-policy/README.md

@@ -0,0 +1,8 @@
+# Permissions Policy: "deferred-fetch" Tests
+
+This folder contains tests to cover the permissions policy "deferred-fetch",
+which is used to gate the `fetchLater()` API.
+
+The tests follow the patterns from
+//permissions-policy/README.md to cover
+all use cases of permissions policy for a new feature.

fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy-attribute-redirect.tentative.https.window.js

@@ -0,0 +1,31 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed to redirect by allow attribute
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: script=/pending-beacon/resources/pending_beacon-helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const baseUrl = '/permissions-policy/resources/redirect-on-load.html#';
+const description = 'Permissions policy allow="deferred-fetch"';
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(`${baseUrl}${HTTPS_ORIGIN}`),
+      expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} allows same-origin navigation in an iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(
+          `${baseUrl}${HTTPS_NOTSAMESITE_ORIGIN}`),
+      expect_feature_unavailable_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} disallows cross-origin navigation in an iframe.`);

fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy-attribute.tentative.https.window.js

@@ -0,0 +1,36 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed by allow attribute
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: script=/pending-beacon/resources/pending_beacon-helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy "deferred-fetch"';
+const attribute = 'allow="deferred-fetch" attribute';
+
+async_test(
+    t => {
+      test_feature_availability(
+          'fetchLater()', t,
+          getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+          expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+    },
+    `${description} can be enabled in the same-origin iframe using ${
+        attribute}.`);
+
+async_test(
+    t => {
+      test_feature_availability(
+          'fetchLater()', t,
+          getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+          expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+    },
+    `${description} can be enabled in the cross-origin iframe using ${
+        attribute}.`);

fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy.tentative.https.window.js

@@ -0,0 +1,45 @@
+// META: title=Permissions Policy "deferred-fetch" is allowed
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: script=/pending-beacon/resources/pending_beacon-helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy header: "deferred-fetch=*"';
+
+parallelPromiseTest(async _ => {
+  const uuid = token();
+  const url = generateSetBeaconURL(uuid);
+
+  // Request the browser to fetchLater() immediately.
+  fetchLater(url, {activateAfter: 0});
+
+  await expectBeacon(uuid, {count: 1});
+}, `${description} allows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_available_default);
+}, `${description} allows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_available_default, /*feature_name=*/ 'deferred-fetch');
+}, `${description} allow="deferred-fetch" allows fetchLater() in the cross-origin iframe.`);

fetch/fetch-later/permissions-policy/deferred-fetch-allowed-by-permissions-policy.tentative.https.window.js.headers

@@ -0,0 +1 @@
+Permissions-Policy: deferred-fetch=*

fetch/fetch-later/permissions-policy/deferred-fetch-default-permissions-policy.tentative.https.window.js

@@ -0,0 +1,38 @@
+// META: title=Permissions Policy "deferred-fetch" default behavior
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: script=/pending-beacon/resources/pending_beacon-helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Default "deferred-fetch" permissions policy ["self"]';
+
+parallelPromiseTest(async _ => {
+  const uuid = token();
+  const url = generateSetBeaconURL(uuid);
+
+  // Request the browser to fetchLater() immediately.
+  fetchLater(url, {activateAfter: 0});
+
+  await expectBeacon(uuid, {count: 1});
+}, `${description} allows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_available_default);
+}, `${description} allows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);

fetch/fetch-later/permissions-policy/deferred-fetch-disabled-by-permissions-policy.tentative.https.window.js

@@ -0,0 +1,34 @@
+// META: title=Permissions Policy "deferred-fetch" is disabled
+// META: script=/permissions-policy/resources/permissions-policy.js
+// META: script=/common/utils.js
+// META: script=/common/get-host-info.sub.js
+// META: script=/fetch/fetch-later/permissions-policy/resources/helper.js
+// META: script=/pending-beacon/resources/pending_beacon-helper.js
+// META: timeout=long
+'use strict';
+
+const {
+  HTTPS_ORIGIN,
+  HTTPS_NOTSAMESITE_ORIGIN,
+} = get_host_info();
+
+const description = 'Permissions policy header: "deferred-fetch=()"';
+
+parallelPromiseTest(async _ => {
+  // Request the browser to fetchLater() immediately, which is not allowed.
+  assert_throws_dom(
+      'NotAllowedError', () => fetchLater('/', {activateAfter: 0}));
+}, `${description} disallows fetchLater() in the top-level document.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t, getDeferredFetchPolicyInIframeHelperUrl(HTTPS_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the same-origin iframe.`);
+
+async_test(t => {
+  test_feature_availability(
+      'fetchLater()', t,
+      getDeferredFetchPolicyInIframeHelperUrl(HTTPS_NOTSAMESITE_ORIGIN),
+      expect_feature_unavailable_default);
+}, `${description} disallows fetchLater() in the cross-origin iframe.`);

fetch/fetch-later/permissions-policy/deferred-fetch-disabled-by-permissions-policy.tentative.https.window.js.headers

@@ -0,0 +1 @@
+Permissions-Policy: deferred-fetch=()

fetch/fetch-later/permissions-policy/deferred-fetch-supported-by-permissions-policy.tentative.window.js

@@ -0,0 +1,8 @@
+// META: title=The feature list should advertise deferred-fetch
+'use strict';
+
+// https://w3c.github.io/webappsec-permissions-policy/#dom-permissions-policy-features
+// https://wicg.github.io/local-fonts/#permissions-policy
+test(() => {
+  assert_in_array('deferred-fetch', document.featurePolicy.features());
+}, 'document.featurePolicy.features should advertise deferred-fetch.');

fetch/fetch-later/permissions-policy/resources/helper.js

@@ -0,0 +1,13 @@
+'use strict';
+
+/**
+ * Returns an URL to a document that can be used to initialize an iframe to test
+ * whether the "deferred-fetch"policy is enabled.
+ */
+function getDeferredFetchPolicyInIframeHelperUrl(iframeOrigin) {
+  if (!iframeOrigin.endsWith('/')) {
+    iframeOrigin += '/';
+  }
+  return `${
+      iframeOrigin}fetch/fetch-later/permissions-policy/resources/permissions-policy-deferred-fetch.html`;
+}

fetch/fetch-later/permissions-policy/resources/permissions-policy-deferred-fetch.html

@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<script>
+'use strict';
+
+window.onload = () => {
+  let enabled = true;
+  try {
+    fetchLater('/', {activateAfter: 0});
+  } catch (e) {
+    enabled = false;
+  }
+  parent.postMessage({ type: 'availability-result', enabled }, '*');
+}
+</script>