[WPT/mixed-content] Add tests for SharedWorkers with no opt-in headers

Manual change: wpt/mixed-content/spec.src.json.
  Previously, it omitted `http-rp/unset` tests because it expected
  redundant tests `meta/unset`. However, in certain worker-related
  tests, there are no `meta` tests, and thus `http-rp/unset` is
  not redundant.
  This CL enables generating such non-redundant `http-rp/unset` tests,
  namely `sharedworker-{classic,module}.http-rp/unset`,
  i.e. SharedWorkers served from HTTPS origin without no
  opt-in CSP headers.

All other changes are mechanical.

Bug: 1061679, 1056500
Change-Id: Ib8c323cf06e1c6e0a0bdeae713bd13848335b95a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2103967
Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Kenichi Ishibashi <bashi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#750486}

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.keep-scheme.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and keep-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http",
+          "redirection": "keep-scheme",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.keep-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.no-redirect.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.no-redirect.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.swap-scheme.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to cross-http origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-http",
+          "redirection": "swap-scheme",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/cross-http.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.keep-scheme.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and keep-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http",
+          "redirection": "keep-scheme",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.keep-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.no-redirect.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.no-redirect.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.swap-scheme.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for fetch to same-http origin and swap-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "same-http",
+          "redirection": "swap-scheme",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-http.swap-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.keep-scheme.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Allowed content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of allowed content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+    <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and keep-scheme redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "keep-scheme",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.keep-scheme.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.no-redirect.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Allowed content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of allowed content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/">
+    <meta name="assert" content="Mixed-Content: Expects allowed for fetch to same-https origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "allowed",
+          "origin": "same-https",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "fetch",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/fetch/same-https.no-redirect.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content

mixed-content/gen/sharedworker-classic.http-rp/unset/websocket/cross-ws.no-redirect.https.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by `common/security-features/tools/generate.py --spec mixed-content/` -->
+<html>
+  <head>
+    <title>Mixed-Content: Blockable content</title>
+    <meta charset='utf-8'>
+    <meta name="description" content="Test behavior of blockable content.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="http://www.w3.org/TR/mixed-content/#category-blockable">
+    <meta name="assert" content="Mixed-Content: Expects blocked for websocket to cross-ws origin and no-redirect redirection from https context.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/common/security-features/resources/common.sub.js"></script>
+    <script src="../../../../generic/test-case.sub.js"></script>
+  </head>
+  <body>
+    <script>
+      TestCase(
+        {
+          "expectation": "blocked",
+          "origin": "cross-ws",
+          "redirection": "no-redirect",
+          "source_context_list": [
+            {
+              "policyDeliveries": [],
+              "sourceContextType": "sharedworker-classic"
+            }
+          ],
+          "source_scheme": "https",
+          "subresource": "websocket",
+          "subresource_policy_deliveries": []
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>

mixed-content/gen/sharedworker-classic.http-rp/unset/websocket/cross-ws.no-redirect.https.html.headers

@@ -0,0 +1 @@
+Content-Security-Policy: block-all-mixed-content