Bug 1566566 [wpt PR 17424] - KV Storage: tweak secure context restric…

…tion and expand tests, a=testonly

Automatic update from web-platform-tests
KV Storage: tweak secure context restriction and expand tests

Recent discussions on the KV Storage spec (WICG/kv-storage#53, WICG/kv-storage#68) have decided on a slightly different model for restricting modules to secure contexts, that is based on preventing them from entering the module map, instead of throwing an error at module evaluation time.

This is mostly observably the same, with a few small differences:
* The error type changes from DOMException "SecurityError" to TypeError. This CL updates the implementation's runtime check, and all associated tests, to match the new error type.
* Not being present in the module map means module graph initialization fails earlier, preventing any side effects from earlier modules in the graph from being evaluated. This is tested in the new WPT kv-storage/secure-context/side-effects.html, which we fail for now.
* Not being present in the module map means that import map failover works. This is is tested in the new WPT kv-storage/secure-context/import-maps.html, which we fail for now.

https://crbug.com/977470 tracks the infrastructure work necessary to move from a runtime check to selectively filling the module map, which will allow us to pass the two newly-added tests.

BUG=977470

Change-Id: I9371400e9beed5be4ed5fbb0c94747a7bc0b3e86
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1670572
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Joshua Bell <jsbell@chromium.org>
Commit-Queue: Domenic Denicola <domenic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#677454}

--

wpt-commits: b3a9dd55d31874e8f2d197b4b958c0dac96ea844
wpt-pr: 17424

testing/web-platform/tests/kv-storage/secure-context/README.md

@@ -0,0 +1,5 @@
+# KV Storage `[SecureContext]` tests
+
+These tests ensure that KV Storage follows the rules for `[SecureContext]` modules. (As of the time of this writing, they are only proposed rules, in [heycam/webidl#675](https://github.com/heycam/webidl/pull/675).)
+
+Eventually these should probably be generalized and tested as part of `idlharness.js`.

testing/web-platform/tests/kv-storage/non-secure-context-dynamic-import.html → testing/web-platform/tests/kv-storage/secure-context/dynamic-import.html

@@ -13,6 +13,6 @@
 }, "Prerequisite check");
 
 promise_test(t => {
-  return promise_rejects(t, "SecurityError", import("std:kv-storage"));
+  return promise_rejects(t, new TypeError(), import("std:kv-storage"));
 });
 </script>

testing/web-platform/tests/kv-storage/secure-context/import-maps.html

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>KV Storage: in non-secure contexts, import map mappings should fall back</title>
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+"use strict";
+test(() => {
+  assert_false(self.isSecureContext, "This test must run in a non-secure context");
+}, "Prerequisite check");
+</script>
+
+<script type="importmap">
+{
+  "imports": {
+    "std:kv-storage": [
+      "std:kv-storage",
+      "./resources/dummy-module.js"
+    ]
+  }
+}
+</script>
+
+<script type="module">
+promise_test(async () => {
+  const result = await import("std:kv-storage");
+  assert_equals(namespaceObj.myExport, "not the real KV storage");
+});
+</script>

testing/web-platform/tests/kv-storage/non-secure-context-import-statement.html → testing/web-platform/tests/kv-storage/secure-context/import-statement.html

@@ -15,9 +15,7 @@
 
 async_test(t => {
   window.addEventListener("error", t.step_func_done(errorEvent => {
-    assert_equals(errorEvent.error.constructor, DOMException, "Must trigger a DOMException");
-    assert_equals(errorEvent.error.name, "SecurityError",
-      "The DOMException must be a \"SecurityError\"");
+    assert_equals(errorEvent.error.constructor, TypeError, "Must trigger a TypeError");
   }, { once: true }));
 });
 </script>

testing/web-platform/tests/kv-storage/secure-context/resources/dummy-module.js

@@ -0,0 +1 @@
+export const myExport = "not the real KV storage";

testing/web-platform/tests/kv-storage/secure-context/resources/test-side-effects.js

@@ -0,0 +1 @@
+window.sideEffectsHappened = true;

testing/web-platform/tests/kv-storage/secure-context/script-element.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>KV Storage: should not work in non-secure contexts when included via a script element</title>
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+"use strict";
+test(() => {
+  assert_false(self.isSecureContext, "This test must run in a non-secure context");
+}, "Prerequisite check");
+
+window.t = async_test("Check the events");
+</script>
+
+<script type="module"
+        src="std:kv-storage"
+        onload="t.step(() => { assert_unreached('load event fired'); })"
+        onerror="t.done()">
+</script>

testing/web-platform/tests/kv-storage/secure-context/side-effects.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>KV Storage: should fail in non-secure contexts in the fetching phase, not evaluation phase</title>
+
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+
+<script>
+"use strict";
+setup({ allow_uncaught_exception: true });
+
+window.sideEffectsHappened = false;
+
+test(() => {
+  assert_false(self.isSecureContext, "This test must run in a non-secure context");
+}, "Prerequisite check");
+</script>
+
+<script type="module">
+import "./resources/test-side-effects.js";
+import "std:kv-storage";
+</script>
+
+<script type="module">
+test(() => {
+  assert_false(window.sideEffectsHappened, "The side effects module didn't evaluate either");
+});
+</script>